|samba 3ac985ec30 adding some code||1 month ago|
|README.md||1 month ago|
|unlock-boot||1 month ago|
unlock-boot è un tool per sbloccare server cifrati con LUKS
By default the script has no TRUSTED HOST.
TRUSTED HOST are a list of ssh fingerprint insto the unlock-boot script. That's very important because you need to trust the ssh key from the dropbear server starting at the boot (which is not the ssh server of your unlocked machine).
If you are not checking the ssh fingerprint in some TRUSTED HOST you may send the luks key to a random server with the same ip address!
Do be safer is better to add a ssh key into the script as new TRUSED HOST, that's how you can do that:
$ ./unlock-boot -a 192.168.13.12 -s 2022-03-28 11:20:03 - INFO: Getting ssh key fingerprint # 192.168.13.12:22 SSH-2.0-OpenSSH_8.4p1 Debian-5 2022-03-28 11:20:05 - INFO: Host ssh key: ----------- SSH-KEY --------- myserver.tech ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDUB3sQqMpiuu+5vgsOia4iyOHA30UguQe2HdkWnbmfH0fFx5HbXkHWT5z5N4j8mcblt+WCAyDshl7gGl54X0UE= ----------- *** *** *** ---------
Once you have added the host in your trusted host you can unlock the boot by specifying the ip address (-a) and the luks password (-p) as you can see from the following output.
./unlock-boot -a 192.168.13.12 -p $(pass me/servername/luks ) ...