Re: Onion on boot to remotely unlock root partition



On Sun, 7 Mar 2021 00:41:33 +0100
Amuza en Hackea <amuza@hackea.org> wrote:

> Hello, I'm new to this list!
> 
> With software like dropbear-initramfs, cryptsetup-initramfs and others
> you can remotely unlock a booting Debian that has a LUKS-encrypted root
> partition.
> 
> That is possible because it runs an SSH server in its unencrypted boot
> partition which gives you basic remote access. That basic access is
> enough to enter the unlocking passphrase which will let the encrypted
> system boot.
> 
> That works great, but you need a public static address or DDNS and port
> redirection.
> 
> I would like to have an onion service running in the boot partition too,
> that way I could do the same without caring about addresses, ports or
> names. And would add privacy too.
> 
> How could I make it?
> 
> Any advice, suggestion or step-by-step guide would be very much welcome,
> but please keep in mind that I am not a developer.
> 
> Thank you very much!

1) I'm no expert, but I think that using tor instead of something like
ddns for something like this is overcomplicating things, which is
probably why not many people seem to be doing it.

2) That being said, here's a solution someone built for Arch - I don't
know how easy it'll be to port it over to Debian:

https://github.com/grazzolini/mkinitcpio-tor

Celejar

