[arch-general] mkinitcpio: Rethinking remote unlock via SSH

Mika Fischer mika.fischer at zoopnet.de
Wed Dec 19 19:23:40 EST 2012


On Thu, Dec 20, 2012 at 12:55 AM, Karol Babioch <karol at babioch.de> wrote:
> Now my idea so far was the following: Start a screen session early
> (using "run_earlyhook"). Start dropbear whenever SSH access is needed,
> e.g. right before the "encrypt" hook itself using a separate "dropbear"
> hook ("run_hook" should be fine). Now the SSH session should be attached
> to the screen session, so the input/output will be "shared". After
> unlocking (run_cleanuphook) kill the screen session.

A completely different direction would be to use systemd in the initrd
and take advantage of its password agent infrastructure [1] for this.
As far as I can tell, we could be running the standard tty password
agent and one that uses dropbear at the same time.

I think Tom Gundersen is working on integrating systemd into the
initrd, so this may not be too far off into the future.

Best,
 Mika

[1] http://www.freedesktop.org/wiki/Software/systemd/PasswordAgents
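
As an added illustration, not part of the original post and not systemd's own code: a minimal agent for the password agent protocol documented at [1], of the kind a dropbear session could run alongside the standard tty agent. It reads the `ask.*` request files and answers over each request's datagram socket; the function names and the file-ownership check are assumptions of this sketch.

```python
import configparser
import socket
import time
from pathlib import Path

ASK_DIR = Path("/run/systemd/ask-password")  # request directory from the spec at [1]

def pending_queries(ask_dir=ASK_DIR):
    """Return [(path, fields)] for each live ask.* request (one-shot scan;
    the spec has agents watch the directory with inotify instead)."""
    ask_dir = Path(ask_dir)
    now_usec = time.clock_gettime_ns(time.CLOCK_MONOTONIC) // 1000
    found = []
    for path in sorted(ask_dir.glob("ask.*")):
        ini = configparser.ConfigParser(interpolation=None, strict=False)
        ini.optionxform = str  # keys are case-sensitive: Socket, NotAfter, ...
        try:
            # Assumption of this sketch, not a spec rule: only trust requests
            # owned by the directory's owner (root on a real system).
            if path.stat().st_uid != ask_dir.stat().st_uid:
                continue
            ini.read_string(path.read_text())
            ask = ini["Ask"]  # unknown keys are simply never looked at
            sock = ask["Socket"]
            not_after = int(ask.get("NotAfter", "0"))
        except (OSError, KeyError, ValueError, configparser.Error):
            continue  # vanished, malformed or incomplete request
        if not_after and not_after < now_usec:
            continue  # NotAfter is CLOCK_MONOTONIC usec; 0 means no timeout
        found.append((path, {"socket": sock,
                             "message": ask.get("Message", ""),
                             "echo": ask.get("Echo", "0") == "1"}))
    return found

def reply(sock_path, password=None):
    """Answer with one datagram: '+' plus the password, or '-' to cancel."""
    payload = b"-" if password is None else b"+" + password.encode()
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as s:
        s.sendto(payload, sock_path)

if __name__ == "__main__":
    import getpass
    for _path, q in pending_queries():
        reply(q["socket"], getpass.getpass(q["message"] + " "))
```

Because the reply socket lives in a root-only directory, the agent has to run with sufficient privileges to write to it.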

