Adding dropbear to initramfs with dracut on Fedora

initramfs

I'm trying to add dropbear to my initramfs so I can unlock the encrypted disk through a remote SSH session (as described here). I'm running Fedora 16 which apparently uses dracut to generate the initramfs image. Can anyone explain (or provide a link) how to add dropbear to initramfs using this setup?

Update:

I've been trying to learn more about dracut, but I'm finding that there's not a ton of information out there. Here is my current understanding, if anyone can comment on this:

  • I need to create a new dracut module which installs a pre-mount hook into the initramfs image.
  • The pre-mount hook will start the dropbear server, before any attempt is made to unlock/mount the LUKS filesystem (which presumably occurs during the "mount" phase).
  • With dropbear started, I should be able to SSH to the server and provide the passphrase to unlock it, as described in the other post.
  • I also need to add a pre-pivot hook that will stop the dropbear server before the boot process chroots to the final root partition.

Best Answer

I was able to cobble together my own dracut module that adds dropbear to the initramfs and starts it during init. It also replaces the cryptroot-ask script from the dracut-crypt module (which asks you for your LUKS password) with a custom one which sits around and waits for you to unlock the filesystem yourself (e.g., over SSH) (as well as a little extra hocus).

I've put it up on bitbucket if anyone wants to use or improve it. It currently doesn't shut down the dropbear server after boot, so that's probably something that could be improved.
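
The missing shutdown step mentioned above, sketched as a pre-pivot hook script. This is an added example, not code from the answer's module; the file name `dropbear-stop.sh`, the pidfile path `/run/dropbear.pid` and the hook priority are assumptions. It stops the per-connection children as well as the listener, so an initramfs SSH session does not outlive the switch to the real root.

```shell
#!/bin/sh
# Hypothetical dropbear-stop.sh (added example, not the answer's module).
# A module's install() would register it with dracut's inst_hook:
#   inst_hook pre-pivot 05 "$moddir/dropbear-stop.sh"
# Assumption: the start hook launched "dropbear -P /run/dropbear.pid".
PIDFILE=/run/dropbear.pid

# Print the PIDs whose parent is $1. Uses only /proc and shell builtins,
# so it does not depend on pgrep/pkill being present in the initramfs.
children_of() {
    for status in /proc/[0-9]*/status; do
        [ -r "$status" ] || continue
        while read -r key val rest; do
            if [ "$key" = "PPid:" ]; then
                if [ "$val" = "$1" ]; then
                    p=${status#/proc/}
                    echo "${p%/status}"
                fi
                break
            fi
        done 2>/dev/null < "$status" || :
    done
}

# Stop per-connection children, then the listener named in pidfile $1.
# Returns 0 if the listener was signalled, 1 if the pidfile is missing,
# unreadable, not a usable PID, or stale.
stop_dropbear() {
    [ -r "$1" ] || return 1
    read -r pid < "$1" || [ -n "$pid" ] || return 1
    case $pid in ''|*[!0-9]*) return 1 ;; esac
    # Refuse 0 and 1: "kill 0" would signal the whole process group.
    [ "$pid" -gt 1 ] || return 1
    # Children first: once the listener exits they are re-parented and
    # can no longer be found through their PPid.
    for child in $(children_of "$pid"); do
        kill "$child" 2>/dev/null || :
    done
    rc=0
    kill "$pid" 2>/dev/null || rc=1
    rm -f "$1"
    return "$rc"
}

# Acts only where the assumed pidfile exists, i.e. inside the initramfs.
if [ -f "$PIDFILE" ]; then
    stop_dropbear "$PIDFILE"
fi
```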
