Hi David,

On Mon, Dec 20, 2010 at 08:05:25PM +0100, David Jacquet wrote:
> Hi,
>
> I am trying to configure my server to be able to be unlocked via ssh and
> dropbear. From the README.gz
> I understand that I can issue the command:
>
> ssh -o "UserKnownHostsFile=~/.ssh/known_hosts.initramfs" \
> -i "~/id_rsa.initramfs" root@xxxxxxxxxxxxxxxxxxxxxxxxx \
> "echo -ne \"secret\" >/lib/cryptsetup/passfifo"
>
> What exactly will happen with the "secret" string? Will it be written to an
> unprotected part of a hard drive.

I do not understand what "passfifo" is supposed to do, you
should probably do something like this instead:

  ssh "cat <file-with-secret> | cryptsetup --key-file - <other options>"

> If so
> it may be retrieved by a careful investigation of that drive. From my non
> expert and humble opinion, a key (as
> the "secret") should only be stored on RAM (and erased even from the RAM as
> soon as possible).

Indeed. However "as soon as possible" is on device removal from
LUKS/dm-crypt control.

> Even if only stored in the RAM, I guess that the "secret" string will be
> stored in the .bash_history file on the
> computer from which the ssh-command was issued.

Therefore never show it to bash.

> I guess it is more
> recommended to log into the remote
> computer and then issue ( cat > /lib/cryptsetup/passfifo --> "secret" -->
> CTRL+D, will that work?)

Still don't get what "passfifo" is for. Is this some construction
like this?

  mkfifo passfifo
  cryptsetup --key-file passfifo

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
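
Added example, not part of the original thread: a shell demo of the named-pipe construction Arno guesses at, showing that a passphrase written to a FIFO reaches the reader without any bytes being stored in the FIFO's inode, and that a builtin printf keeps it out of process argument lists. The `wc -c` stand-in reader, the function names and the sample secret are assumptions made for the demo.

```shell
#!/bin/sh
# Constructed demo, not from the thread. `wc -c` stands in for the consumer
# of the passphrase (e.g. `cryptsetup --key-file passfifo`, as Arno guesses).

# send_secret FIFO: copy one line from stdin into the FIFO, without the
# trailing newline (same effect as `echo -ne`). printf is a shell builtin,
# so the secret is never an argument of a process visible in `ps`.
send_secret() {
    IFS= read -r secret || :
    printf '%s' "$secret" > "$1"
    unset secret
}

# fifo_roundtrip: reads the secret on stdin, prints
# "<file type> <bytes stored in the FIFO's inode> <bytes the reader got>".
fifo_roundtrip() {
    dir=$(mktemp -d) || return 1
    fifo="$dir/passfifo"
    mkfifo -m 600 "$fifo" || return 1         # owner-only, like a key file

    # Reader blocks in open() until a writer appears, then reads to EOF.
    # Only the byte count (not secret) is saved.
    wc -c < "$fifo" > "$dir/count" &
    send_secret "$fifo"                       # writer; closing it sends EOF
    wait

    if [ -p "$fifo" ]; then kind=fifo; else kind=other; fi
    ondisk=$(ls -ln "$fifo" | awk '{print $5}')
    received=$(tr -d ' \n' < "$dir/count")
    rm -rf "$dir"
    echo "$kind $ondisk $received"
}

# Constructed sample secret; interactively, feed stdin from a prompt or a
# key file instead so the value never appears in shell history.
printf 'secret\n' | fifo_roundtrip            # fifo 0 6
```

The same writer works across ssh when the secret is supplied on ssh's standard input and the remote command only redirects stdin into the FIFO, so the passphrase is not part of the command line recorded in shell history.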