On Thu, Dec 20, 2012 at 12:55 AM, Karol Babioch <karol@babioch.de> wrote:
Now my idea so far was the following: Start a screen session early (using "run_earlyhook"). Start dropbear whenever SSH access is needed, e.g. right before the "encrypt" hook itself using a separate "dropbear" hook ("run_hook" should be fine). Now the SSH session should be attached to the screen session, so the input/output will be "shared". After unlocking (run_cleanuphook) kill the screen session.
A completely different direction would be to use systemd in the initrd and take advantage of its password agent infrastructure [1] for this. As far as I can tell, we could be running the standard tty password agent and one that uses dropbear at the same time. I think Tom Gundersen is working on integrating systemd into the initrd, so this may not be too far off into the future. Best, Mika [1] http://www.freedesktop.org/wiki/Software/systemd/PasswordAgents