kevinveenbirkenbach/hetzner-arch-luks
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/hetzner-arch-luks.git synced 2025-11-04 10:48:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

In between commit

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2020-04-17 18:52:26 +02:00
parent 0f4f8726dd
commit c1e01bb1e8
1 changed files with 29 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
README.md
View File

@@ -77,14 +77,14 @@ pacman -Syyu
#### 2.3 #### 2.3
Install basic administration software: Install basic administration software:
```bash ```bash
pacman -Syyu nano pacman -S nano
``` ```
#### 3. Prepare System for Unlocking via SSH #### 3. Prepare System for Unlocking via SSH
#### 3.1 Execute the following script #### 3.1 Execute the following script
```bash ```bash
# Install software # Install software
pacman -Syyu busybox mkinitcpio-dropbear mkinitcpio-utils mkinitcpio-netconf pacman -S busybox mkinitcpio-dropbear mkinitcpio-utils mkinitcpio-netconf
#Copy ssh-key #Copy ssh-key
cp -v ~/.ssh/authorized_keys /etc/dropbear/root_key cp -v ~/.ssh/authorized_keys /etc/dropbear/root_key
``` ```
@@ -95,8 +95,14 @@ HOOKS=(base udev autodetect modconf block mdadm_udev lvm2 filesystems keyboard f
``` ```
with with
``` ```
HOOKS=(netconf dropbear encryptssh base udev autodetect modconf block mdadm_udev lvm2 filesystems keyboard fsck) HOOKS=(base udev autodetect modconf block mdadm_udev lvm2 netconf dropbear encryptssh filesystems keyboard fsck)
``` ```
<span style="color:red">
/etc/initramfs-tools/initramfs.conf anpassen <br>
Alt: BUSYBOX=auto <br>
Neu: BUSYBOX=y <br>
http://daemons-point.com/blog/2019/10/20/hetzner-verschluesselt/#etcinitramfs-toolsinitramfsconf-anpassen
</span>
### 4. Activate Encryption ### 4. Activate Encryption
#### 4.1 #### 4.1
@@ -191,15 +197,31 @@ chroot /mnt
```bash ```bash
echo "cryptroot /dev/md1 none luks" >> /etc/crypttab echo "cryptroot /dev/md1 none luks" >> /etc/crypttab
``` ```
# I think here the mess starts....
#### 4.15 #### 4.15
rewrite initramfs ***?assume this should be right???*** rewrite initramfs <span style="color:red">***?assume this should be right???***</span>
```bash ```bash
mkinitcpio
mkinitcpio -p linux mkinitcpio -p linux
``` ```
Missing **initramfs neu schreiben** **GRUB neu schreiben** Missing **initramfs neu schreiben** **GRUB neu schreiben**
### 5
<span style="color:red">ist das folgende richtig</span>
```bash
pacman -S grub
```
<span style="color:red">Is the following correct? See https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Remote_unlocking_(hooks:_netconf,_dropbear,_tinyssh,_ppp)</span>
Edit /etc/default/grub and tell the Kernel about the cryptdevice and the mdraid, and netconf that we want dhcp
```bash
GRUB_CMDLINE_LINUX="cryptdevice=/dev/md0:root ip=dhcp"
```
```bash
grub-mkconfig -o /boot/grub/grub.cfg
```
```bash
grub-install /dev/sda
grub-install /dev/sdb
```
ssh-keygen -b 4096 -t rsa -m PEM -f /etc/ssh/ssh_host_rsa_key ssh-keygen -b 4096 -t rsa -m PEM -f /etc/ssh/ssh_host_rsa_key
dropbearconvert openssh dropbear /etc/ssh/ssh_host_rsa_key /etc/dropbear/dropbear_rsa_host_key dropbearconvert openssh dropbear /etc/ssh/ssh_host_rsa_key /etc/dropbear/dropbear_rsa_host_key