Hello,
With software like dropbear-initramfs, cryptsetup-initramfs and others you can remotely unlock a server that has a LUKS-encrypted root partition. That is possible because there is an SSH server running in its unencrypted boot partition.
I would like to have an onion service running in the boot partition too; that way I could remotely unlock the root partition without caring about ports, DNS, etc.
How could I make it?
Any advice, suggestion or step-by-step guide would be very much welcome, but please keep in mind that I am not a developer...
Thank you very much!
_______________________________________________
tor-onions mailing list
tor-onions@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-onions
I'm not sure I explained properly. Just in case I did not, I will add that I am talking about being able to reboot an encrypted system and being able to remotely enter its decrypting passphrase through Tor so that it boots completely.
That would require having an onion service in its unencrypted boot partition. And I would like to know how to do so : )
Hi!
I am a bit leery of adding everything necessary to run a Tor onion service to "software like dropbear-initramfs, cryptsetup-initramfs and others". I've solved this problem by adding a Raspberry Pi Zero W to the mix. The Pi connects to the remote server via the USB port where it gets its power and emulates a human interface device (HID) -- essentially it acts as a keyboard. I use Tor Browser to shell into the Pi, then a simple bash script to send keystrokes to the server.
I started to develop this as a formal project, but got buried by COVID-related issues (I'm a physician). There's a sketchy kind of write-up about it on one of my blogs:
https://looseassociations.com/?p=518
I know this isn't really what you're looking for, but it does the job.
Please let us know if you find out anything more about adding an onion service to one of the initramfs solutions.
Peace...
--Ron
On Mar 5, 2021, at 09:58, Amuza en Hackea amuza@hackea.org wrote:
I am talking about being able to reboot an encrypted system and being able to remotely enter its decrypting passphrase through Tor so that it boots completely.
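The keystroke-sending step from Ron's reply, as an added example that is not part of the thread or of his project: it turns a passphrase into USB boot-keyboard reports and writes them to the Pi's HID gadget. It is written in Python rather than bash, and it assumes the gadget node is `/dev/hidg0` and that the server's initramfs console uses a US keyboard layout; the function names are illustrative.

```python
import getpass

HID_DEV = "/dev/hidg0"  # assumption: node created by the Linux USB HID gadget
MOD_LSHIFT = 0x02       # modifier bit for Left Shift
KEY_ENTER = 0x28
RELEASE = bytes(8)      # all-zero report: no key held

def _build_keymap():
    """Map characters to (modifier, usage ID) for a US keyboard layout."""
    keymap = {" ": (0, 0x2C)}
    for i, ch in enumerate("abcdefghijklmnopqrstuvwxyz"):
        keymap[ch] = (0, 0x04 + i)
        keymap[ch.upper()] = (MOD_LSHIFT, 0x04 + i)
    pairs = dict(zip(range(0x1E, 0x28), zip("1234567890", "!@#$%^&*()")))
    pairs.update({0x2D: "-_", 0x2E: "=+", 0x2F: "[{", 0x30: "]}", 0x31: "\\|",
                  0x33: ";:", 0x34: "'\"", 0x35: "`~", 0x36: ",<", 0x37: ".>",
                  0x38: "/?"})
    for usage, (plain, shifted) in pairs.items():
        keymap[plain] = (0, usage)
        keymap[shifted] = (MOD_LSHIFT, usage)
    return keymap

KEYMAP = _build_keymap()

def reports_for(text):
    """Return press/release reports for text plus Enter; validate first."""
    if any(ch not in KEYMAP for ch in text):
        # Refuse before anything is sent: a half-typed passphrase is a failed attempt.
        raise ValueError("passphrase contains a character outside the US keymap")
    keys = [KEYMAP[ch] for ch in text] + [(0, KEY_ENTER)]
    reports = []
    for mod, usage in keys:
        # Boot-keyboard report: modifier, reserved, then up to six key slots.
        reports += [bytes([mod, 0, usage, 0, 0, 0, 0, 0]), RELEASE]
    return reports

def main():
    # getpass keeps the passphrase out of argv, shell history and the process list.
    passphrase = getpass.getpass("LUKS passphrase: ")
    with open(HID_DEV, "wb", buffering=0) as dev:
        for report in reports_for(passphrase):
            dev.write(report)

if __name__ == "__main__":
    main()
```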