Re: [PATCH] Network passphrase reading

Mario 'BitKoenig' Holbe wrote:
> Bryan Kadzban <cryptsetup@xxxxxxxxxxxxxxxxxxx> wrote:
>> But yeah; an alternate generic select()able FD (in addition to
>> /dev/tty) would allow this to work mostly-unmodified; you could log
>> into SSH and just echo the passphrase into the write end of a named
>> pipe, or
> 
> This is exactly what askpass does - shipped with the Debian
> cryptsetup package and used in the initramfs.

Hmm.  Indeed, askpass listens on several file descriptors, including
/dev/console and a specific named pipe.  (Also on some sort of pipe or
socket or something to splashy, whatever that is, and another pipe or
socket or something to usplash, whatever *that* is.  Presumably those
things are "infrastructure in Debian initramfs or boot scripts".)  It
wouldn't be terribly difficult to make askpass listen on a socket
directly as well (although again, you'd really want to build in some
kind of encryption; sshd is probably easier).

Looks like the way to get this all to fit together is to pipe askpass
into cryptsetup, and move the select() multiplexing out of cryptsetup
itself.  I suppose that works.

Would it be possible to drop askpass into the cryptsetup package here?
Or move it into a different package?  That would make this easier on a
distro that doesn't include the Debian patches to cryptsetup...
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
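
The arrangement discussed in the message above (a small helper that does the select() multiplexing over several passphrase sources and writes the result to stdout for a consumer such as cryptsetup to read from a pipe) can be sketched as follows. This is an added example, not code from the thread and not Debian's askpass; the function name `read_first_passphrase` and the choice of stdin as the only source in `main` are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/select.h>

/* Hypothetical helper: wait on several descriptors (console, FIFO, ...) and
 * return the first line that arrives. Returns its length, or -1 on error. */
ssize_t read_first_passphrase(const int *fds, int nfds, char *buf, size_t buflen)
{
    fd_set rset;
    int i, maxfd = -1, src = -1;
    size_t len = 0;

    if (buflen == 0 || nfds <= 0) return -1;
    FD_ZERO(&rset);
    for (i = 0; i < nfds; i++) {
        if (fds[i] < 0 || fds[i] >= FD_SETSIZE) return -1; /* select() limit */
        FD_SET(fds[i], &rset);
        if (fds[i] > maxfd) maxfd = fds[i];
    }
    /* Block until at least one source has data (or has hit EOF). */
    if (select(maxfd + 1, &rset, NULL, NULL, NULL) <= 0)
        return -1;
    for (i = 0; i < nfds && src < 0; i++)
        if (FD_ISSET(fds[i], &rset)) src = fds[i];

    /* Read byte-wise from the winning source only, so nothing after the
     * newline is consumed and input longer than the buffer is truncated. */
    while (len < buflen - 1) {
        char c;
        ssize_t n = read(src, &c, 1);
        if (n < 0) return -1;
        if (n == 0 || c == '\n') break;
        buf[len++] = c;
    }
    buf[len] = '\0';
    return (ssize_t)len;
}

int main(void)
{
    /* Assumption: stdin stands in for the console; a FIFO fd would be added here. */
    int fds[1] = { STDIN_FILENO };
    char pass[256];
    ssize_t n = read_first_passphrase(fds, 1, pass, sizeof pass);
    if (n < 0) return 1;
    fwrite(pass, 1, (size_t)n, stdout);   /* stdout is the pipe to the consumer */
    memset(pass, 0, sizeof pass);         /* best-effort wipe of the local copy */
    return 0;
}
```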
