Remote unlock security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi, 

I am trying to configure my server to be able to be unlocked via ssh and dropbear. From the README.gz
I understand that I can issue the command:

ssh -o "UserKnownHostsFile=~/.ssh/known_hosts.initramfs" \
-i "~/id_rsa.initramfs" root@xxxxxxxxxxxxxxxxxxxxxxxxx \
"echo -ne \"secret\" >/lib/cryptsetup/passfifo"

What exactly will happen with the "secret" string? Will it be written to an unprotected part of a hard drive. If so
it may be retrieved by a careful investigation of that drive. From my non expert and humble opinion, a key (as 
the "secret") should only be stored on RAM (and erased even from the RAM as soon as possible).

Even if only stored in the RAM, I guess that the "secret" string will be stored in the .bash_history file on the 
computer from which the ssh-command was issued. I guess it is more recommended to log into the remote 
computer and then issue ( cat > /lib/cryptsetup/passfifo --> "secret" --> CTRL+D, will that work?)

Best Regards
David


_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt

[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux