Early-ssh is a simple initramfs hook that installs the Dropbear SSH server into your initramfs and starts it at boot time. This lets you do a lot of things remotely over SSH before your root partition gets mounted, for example:
- unlocking LUKS encrypted crypto devices - even your root can be an encrypted filesystem
- assembling/altering RAID arrays (mdadm)
- checking the root filesystem in read-write mode, taking action in case of errors
- and so on...
Most likely you will need to run the same few commands for your system init from time to time. If you don't want to store them on your remote system, you can create a shell script for the job and copy it to your remote machine with scp (since v0.2). (I am sorry, but you can only copy to the server (the machine running early-ssh), not from it yet.)
This way, of course, you can copy the key files for LUKS encryption as well.
All the copied files will be destroyed with the whole initramfs once the system has booted, so you will not leave the precious data permanently on the machine.
Actually I have several machines where I use this approach, here you can see my scripts for one server for example.
How to unlock LUKS encrypted devices?
First you have to load the dm-crypt module, then you can unlock them.
    # modprobe dm-crypt
    # cryptsetup luksOpen /dev/xxx yyy
    # mount /dev/mapper/yyy /mnt/zzz
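As an added example (not part of the early-ssh package and not one of the author's own scripts), the unlock steps above can be wrapped in a script of the kind described earlier: copied to the machine with scp, optionally together with a key file, and run over the early SSH session. The function names, the DRY_RUN switch and the argument order are assumptions of this example; /dev/xxx, yyy and /mnt/zzz are the same placeholders as above.

```sh
#!/bin/sh
# Added example (not from the early-ssh package): a script to scp to the
# early-ssh host and run there. Device, mapping name, mount point and key
# file path are placeholders supplied as arguments (assumed layout).

# With DRY_RUN=1 every command is printed instead of executed.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# unlock_and_mount DEVICE NAME MOUNTPOINT [KEYFILE]
unlock_and_mount() {
    dev=$1; name=$2; mnt=$3; key=${4:-}

    # Do not open the same mapping twice (e.g. the script was run again).
    if [ -e "/dev/mapper/$name" ]; then
        echo "mapping $name is already open" >&2
        return 2
    fi
    # A key file copied over scp must be there before we touch anything.
    if [ -n "$key" ] && [ ! -r "$key" ]; then
        echo "key file $key is missing or unreadable" >&2
        return 3
    fi

    run modprobe dm-crypt || return 1
    if [ -n "$key" ]; then
        run cryptsetup luksOpen --key-file "$key" "$dev" "$name" || return 1
    else
        # No key file: cryptsetup asks for the passphrase in the SSH session.
        run cryptsetup luksOpen "$dev" "$name" || return 1
    fi
    run mkdir -p "$mnt" || return 1
    run mount "/dev/mapper/$name" "$mnt"
}

# Run only when called with arguments, e.g.:
#   sh unlock.sh /dev/xxx yyy /mnt/zzz /tmp/keyfile
if [ "$#" -ge 3 ]; then
    unlock_and_mount "$@"
fi
```

Running it once with DRY_RUN=1 shows the exact commands before anything is loaded or opened.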
How to assemble/manage mdadm RAID arrays?
First you have to load the appropriate module(s) (raid0, raid1, raid5, ...), then you can assemble them.
    # modprobe raid1
    # mdadm --assemble /dev/mdX /dev/xxx /dev/yyy

Or you can manage them:

    # modprobe raid1
    # mdadm --remove /dev/mdX /dev/xxx
    # mdadm --add /dev/mdX /dev/yyy
    # mdadm --add /dev/mdX /dev/zzz
Since early-ssh is based on the Dropbear SSH server, Dropbear needs to be installed on your system. The build scripts look for it at /usr/bin/dropbear; on Debian you should install the dropbear package, although the .deb package already has the required dependencies.
Tested and working on...
| Distribution | early-ssh version | Result |
|---|---|---|
| Debian Etch | 0.3.5 | No issues. |
| Debian Lenny | 0.3.5 | No issues. |
| Debian Squeeze | 0.3.5 | No issues. |
| Debian Wheezy | (no working releases yet) | Pending... |
Please note: version 0.3.5 does not work on Debian Wheezy; I am working on a fix.
If you have tested on any platform and have results or comments (patches/fixes too!), I'd be happy to hear about them, and would probably put the changes in the package and the results in the table above.
- tar.gz source (0.3.5, latest)
- Debian package (0.3.5, latest)
- tar.gz source (0.3.2)
- Debian package (0.3.2)
- tar.gz source (0.2)
- Debian package (0.2)
- tar.gz source (0.1)
- Debian package (0.1)
If you have any questions, suggestions, bug reports or comments, please feel free to contact me.