[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [RFC]: Install rescue-initramfs dialog

On Mon, Aug 18, 2008 at 1:12 PM, David Härdeman <david@hardeman.nu> wrote:
> On Sun, August 17, 2008 23:02, Per Andersson wrote:
>> On Sun, Aug 17, 2008 at 10:37 PM, David Härdeman wrote:
>>> Where does the SSH server get the passwords/keyfiles from?
> ...
>> Concerning key files, root's authorized_keys are copied to
>> ramdisk if they exist. Riku Voipio has verified that both
>> OpenSSH and Dropbear use the same key format for RSA
>> keys.
>
> Cool...would it be possible to support a separate file, say
> /root/.ssh/authorized_boot_keys so that root can specify one or more keys
> that are *only* used for boot ssh access?

It would be very easy to add such functionality AFAICS.
Although from a user perspective it might be easier to just
use root's authorized keys for both.


> And on a related note, did you know that we've added support to cryptsetup
> for getting a passphrase from an "external" source? Basically, if the
> machine is waiting at the cryptsetup passphrase prompt, you could (using
> your ssh-in-initramfs solution) log in and pipe the passphrase to
> /lib/cryptsetup/passfifo which would allow the boot to continue. Very
> useful on servers or embedded machines :)

No, I didn't know that but that's very useful indeed. I actually
have use for it even here at home. Great. :)


-- Per
Reply to: