Auto run SSH or VNC at encryption stage
Hello All,
I have encrypted the root partition. The issue is that when I remote onto the box I need to have the SSH service or the VNC service running, or I won't be able to log in to the box. This is because if the box resets I need to enter the passphrase.
I don't seem to know a way to enter the passphrase over SSH or VNC (because these services need to be running at the start). Does anyone have a solution?
Kind Regards,
Shahel
Responses
You could set up key-based authentication for ssh and keep the authorized keys outside of root (basically keep them on a file system which is not encrypted). I've not tested this, but I assume it should work. But since root is encrypted in your case, I'm not positive with the approach.
There are a number of Google hits on this topic. Basically, you need to update your initramfs to use something like the Dropbear sshd so that you can SSH in prior to the pivot_root from the initramfs to the live root file system.
While this article is not for RHEL, the same principles apply. Other articles will turn up if you use the search terms initramfs, LUKS and Dropbear.
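As an added illustration of the Dropbear approach (not code from the thread or from any linked article), the script below stages the pieces a Debian/Ubuntu `dropbear-initramfs` setup needs and checks them before the initramfs is rebuilt; RHEL uses dracut instead and would need the equivalent dracut module. It assumes `dropbear-initramfs` and `cryptsetup-initramfs` are installed, that the config directory is `/etc/dropbear/initramfs` (older releases use `/etc/dropbear-initramfs`), and that the kernel command line carries an `ip=` option so the initramfs has networking before it prompts for the passphrase.

```shell
#!/bin/sh
# Added example: stage a restricted authorized_keys plus hardened Dropbear
# options for unlocking a LUKS root over SSH from the initramfs.
set -eu

# Write the config below $1 (a scratch directory to preview, "/" for real).
stage_initramfs_ssh() {
    root=$1 pubkey=$2
    conf="$root/etc/dropbear/initramfs"
    mkdir -p "$conf"
    # The initramfs is unencrypted, so a key stored there must only be able to
    # run the unlock prompt, never open a shell or forward ports.
    printf 'no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="/bin/cryptroot-unlock" %s\n' \
        "$pubkey" > "$conf/authorized_keys"
    chmod 600 "$conf/authorized_keys"
    # -s: no password logins, -j/-k: no forwarding, -I: idle timeout,
    # -p: separate port so the initramfs host key never collides with sshd's.
    printf 'DROPBEAR_OPTIONS="-I 180 -j -k -p 2222 -s"\n' > "$conf/dropbear.conf"
}

# Sanity check before regenerating the initramfs: every key must carry the
# forced unlock command, password auth must be off, key file must be 0600.
check_initramfs_ssh() {
    conf="$1/etc/dropbear/initramfs"
    [ -f "$conf/authorized_keys" ] || return 1
    # grep -v succeeds if any line lacks the forced command: reject it
    if grep -qv 'command="/bin/cryptroot-unlock"' "$conf/authorized_keys"; then
        return 2
    fi
    grep -q -- '-s' "$conf/dropbear.conf" || return 3
    find "$conf/authorized_keys" -perm 600 | grep -q . || return 4
    return 0
}

# Real run (as root): stage into /, verify, rebuild the initramfs. Afterwards a
# client runs `ssh -p 2222 root@<host>` and is dropped straight into the
# passphrase prompt by the forced command.
if [ "${1:-}" = "--apply" ]; then
    stage_initramfs_ssh / "$(cat ~/.ssh/id_ed25519.pub)"
    check_initramfs_ssh /
    update-initramfs -u
fi
```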
Alternatively, if your box has a hardware remote console functionality (HP(e) iLO, Sun/Oracle ILOM, Fujitsu Primergy iRMC, and others), you could use it to enter the encryption password after the reboot, without making any changes to the OS.
If your box is a virtual machine, the virtualization platform will normally offer a console access feature which could be used for the same purpose; the platform administrator just needs to grant you the necessary permissions to access the console of your virtual machine.
Some things to be aware of when you say that console access is "normally" offered:
- AWS: No interactive console for VMs (AWS accounts for a huge number of VMs, these days)
- Some public cloud solutions: May not provide interactive console access for VMs - or the account owner may not delegate to account-users
- Some private cloud implementations: May not provide interactive console access for VMs - or the account owner may not delegate to account-users
- VMware: Console access may not be delegated to the VM-user/owner
On top of the above, some browsers don't work well with the console options that the virtualization platform makes available (especially so in controlled-desktop environments).