Diffstat (limited to 'slurpkey-msg.sh')
-rwxr-xr-x | slurpkey-msg.sh | 58 |
1 files changed, 0 insertions, 58 deletions
diff --git a/slurpkey-msg.sh b/slurpkey-msg.sh
deleted file mode 100755
index 800e1e2..0000000
--- a/slurpkey-msg.sh
+++ /dev/null
@@ -1,58 +0,0 @@
-#! /bin/sh
-#
-# Tell the user that the machine is ready to slurp the key for full disk
-# encryption.
-#
-# Copyright 2013 Guilhem Moulin <guilhem@fripost.org>
-#
-# Licensed under the GNU GPL version 3 or higher.
-
-set -ue
-
-. /usr/share/debconf/confmodule
-
-ipv4="$(ip addr show eth0 | sed -nr 's/^\s+inet\s([0-9.]{4,32}).*/\1/p')"
-template=$(mktemp)
-
-cat > "$template" <<EOF
-Template: ssh-cryptsetup/title
-Type: text
-Description: Waiting for passphrase
-
-Template: ssh-cryptsetup/text
-Type: text
-Description: Press 'continue' once you have sent the key
- You now need to send the encryption key for LUKS/dm-crypt to
- this special-purpose SSH server:
- .
- ssh -T -p 22 -l root $ipv4 < /path/to/key
- .
- To defeat MiTM-attacks, please ensure that the server fingerprint matches
- .
- $(ssh-keygen -lf /etc/ssh/ssh_host_rsa_key)
- .
- Key(s) that are granted access have the following fingerprint:
- .
-EOF
-while read pk; do
- # ssh-keygen can't read from STDIN, and ash doesn't have the '<<<'
- # construct, so we save each pubkey in a temporary file
- pkf=$(mktemp)
- echo "$pk" > "$pkf"
- echo " - $(ssh-keygen -lf $pkf)" >> "$template"
- rm "$pkf"
-done < ~root/.ssh/authorized_keys
-cat >> $template <<EOF
- .
- Note: This server is ephemeral, and will be replaced with a full-blown
- one toward the end of the installation.
-EOF
-
-debconf-loadtemplate ssh-cryptsetup "$template"
-# Anything sent to the SSH is stored into ~root/root.key, which is our
-# LUKS key.
-until test -r ~root/root.key; do
- db_settitle ssh-cryptsetup/title
- db_input critical ssh-cryptsetup/text
- db_go
-done |