Hi, I was reading about how to unlock an encrypted root partition remotely (unattended). I'd like to ask what the compatible way to do this in CentOS is, and what administrators commonly use.
I think the simplest is to install dropbear in the initramfs to allow remote SSH and manually enter the passphrase. I found many HOWTOs for that on Debian/Ubuntu, but nothing for CentOS.
Is there any help, recommendation or HOWTO available for CentOS?
Example reference: https://security.stackexchange.com/questions/161974/unattended-disk-encrypti...
On Fri, 12 Mar 2021 ept8ept8@secmail.pro wrote:
> Hi, I was reading about how to unlock an encrypted root partition remotely (unattended). I'd like to ask what the compatible way to do this in CentOS is, and what administrators commonly use.
> I think the simplest is to install dropbear in the initramfs to allow remote SSH and manually enter the passphrase. I found many HOWTOs for that on Debian/Ubuntu, but nothing for CentOS.
> Is there any help, recommendation or HOWTO available for CentOS?
> Example reference: https://security.stackexchange.com/questions/161974/unattended-disk-encrypti...
Is this what you're looking for?
On 12.03.21 at 22:51, ept8ept8@secmail.pro wrote:
> Hi, I was reading about how to unlock an encrypted root partition remotely (unattended). I'd like to ask what the compatible way to do this in CentOS is, and what administrators commonly use.
> I think the simplest is to install dropbear in the initramfs to allow remote SSH and manually enter the passphrase. I found many HOWTOs for that on Debian/Ubuntu, but nothing for CentOS.
> Is there any help, recommendation or HOWTO available for CentOS?
https://github.com/gsauthof/dracut-sshd
-- Leon
> On 12.03.21 at 22:51, ept8ept8@secmail.pro wrote:
>> Hi, I was reading about how to unlock an encrypted root partition remotely (unattended). I'd like to ask what the compatible way to do this in CentOS is, and what administrators commonly use.
>> I think the simplest is to install dropbear in the initramfs to allow remote SSH and manually enter the passphrase. I found many HOWTOs for that on Debian/Ubuntu, but nothing for CentOS.
>> Is there any help, recommendation or HOWTO available for CentOS?
Thanks Leon!
> Is this what you're looking for?
Thanks Barry. I think it would be easiest using SSH. This is more complex, but a good solution.
Can both solutions be used together? So if the automatic boot can't find the Tang server and can't boot, I can SSH in to enter the password manually?
On 3/12/21 1:51 PM, ept8ept8@secmail.pro wrote:
> Hi, I was reading about how to unlock an encrypted root partition remotely (unattended). I'd like to ask what the compatible way to do this in CentOS is, and what administrators commonly use.
What's your threat model? Are you trying to protect the system from physical theft, or are you trying to make sure the disks aren't readable when they're retired or fail?
For most purposes, I recommend enrolling the disk with the TPM2 chip, so that disks can be unlocked at boot without human intervention. If theft is a concern, you'd need to ensure that the bootloader requires a password, and that the firmware boots only from the internal disk without a password:
clevis luks bind -d /dev/VOLUME tpm2 '{"pcr_ids":"7"}'
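The TPM2 enrollment above, carried through as a small script with the checks a practitioner would want around it. This is an added example, not code from the thread or from the clevis project: it assumes the clevis, clevis-luks and clevis-dracut packages are installed on CentOS, /dev/VOLUME is a placeholder for the real LUKS device, and the function names (pcr_policy_json, is_luks_device, have_tpm2, enroll_tpm2) are hypothetical. The bind step adds a TPM-sealed keyslot and leaves the passphrase keyslot in place, which is what keeps manual entry at the boot prompt (locally or over an initramfs SSH session) available as the fallback asked about earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the thread or the clevis project): enroll a LUKS
# volume with the TPM2 via clevis on CentOS and verify the binding.
# Assumes clevis, clevis-luks and clevis-dracut are installed; the device
# path used at the bottom is a placeholder.
set -eu

# Build the tpm2 pin configuration from a list of PCR ids, e.g. "7" or "0 7".
# Returns 1 on a non-numeric id so a typo cannot seal the key to the wrong
# register. The pcr_bank key names the hash bank clevis measures against.
pcr_policy_json() {
    ids=""
    for pcr in "$@"; do
        case "$pcr" in
            ''|*[!0-9]*) return 1 ;;
        esac
        ids="${ids:+$ids,}$pcr"
    done
    printf '{"pcr_ids":"%s","pcr_bank":"sha256"}' "$ids"
}

# Refuse to touch anything that is not a LUKS container.
is_luks_device() {
    cryptsetup isLuks "$1" 2>/dev/null
}

# A TPM2 device node must be visible to the kernel for the tpm2 pin to work.
have_tpm2() {
    [ -c /dev/tpmrm0 ] || [ -c /dev/tpm0 ]
}

# enroll_tpm2 DEVICE PCR...
enroll_tpm2() {
    dev="$1"; shift
    have_tpm2 || { echo "no TPM2 device node found" >&2; return 1; }
    is_luks_device "$dev" || { echo "$dev is not a LUKS device" >&2; return 1; }
    policy=$(pcr_policy_json "$@") || { echo "invalid PCR list" >&2; return 1; }
    # Adds a new keyslot sealed to the TPM2 policy; the existing passphrase
    # keyslot is kept, so manual unlock at the boot prompt still works.
    clevis luks bind -d "$dev" tpm2 "$policy"
    # Show the bindings now present on the device (keyslot, pin, config)
    # so the enrollment can be confirmed before rebooting.
    clevis luks list -d "$dev"
    # Rebuild the initramfs so clevis-dracut can unlock the volume at boot.
    dracut -f
}

# Usage (placeholder device, seal to PCR 7 as in the thread):
# enroll_tpm2 /dev/VOLUME 7
```

Sealing to PCR 7 alone ties the key to the Secure Boot policy state; adding PCRs such as 0 (firmware code) tightens the policy at the cost of re-enrolling after firmware updates, which is why the script takes the PCR list as an argument.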