akiraowen n00b
Joined: 25 Mar 2024 Posts: 1
Posted: Mon Mar 25, 2024 11:21 am Post subject: Genkernel - cannot remote unlock luks root (header + gpg)
Hey everyone,
So I've built a Gentoo system that has a luks encrypted root, detached header and gpg encrypted keyfile, dropbear sshd remote access + public key (all via Genkernel).
Now this system is tested and boots perfectly fine locally: I just enter the passphrase via the keyboard at the machine and it's all good to continue booting.
I can remote ssh into the rescue shell; meanwhile it's waiting for the passphrase on the local display.
The problem arises at this point: if I run the required "unlock_luks root" script it fails, not knowing there is a luks device available ... it seems to be missing the "--header /mnt/header/root.header.img" parameter.
So instead I type out the full line into the rescue shell like what genkernel outputs on the local display (the one that works when entering the passphrase locally):
Code:
gpg --logger-file /dev/null --decrypt /mnt/key/key.luks.gpg | cryptsetup --header /mnt/header/root.header.img --key-file - open /dev/mmcblk0 root

and what happens is that the remote shell appears to wait (but I can type characters that appear on the screen) and the local display re-asks for the passphrase??
So the question is: how am I supposed to unlock a luks + detached header + gpg enc key?
Why does keyboard input only get taken from the local machine and not the rescue shell? Can I redirect input from the rescue shell into the local machine to enter the passphrase?
Thanks!