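#!/bin/bash
#
# Prepare a Debian-style system for remote unlocking of an encrypted root
# partition: install dropbear + busybox, enable them in the initramfs with a
# static IP configuration, create fresh dropbear host keys, create an RSA key
# pair for logging in to the initramfs, rebuild the initramfs and print the
# client-side instructions.
#
# Must be run as root. Edit the five settings below before running.
#
# Security notes for whoever adapts this:
#   * The login key pair is generated on the server and the PRIVATE half is
#     then copied to the client. Generating the pair on the client and
#     installing only the public key would avoid moving a private key over
#     the network at all. At minimum, remove /root/${Prefix}/ on the server
#     once the key has been transferred.
#   * The unlock command printed at the end embeds the disk passphrase in the
#     ssh command line, so it ends up in the client's shell history and is
#     visible in the local process list while it runs.

Prefix='reboot'          # Set a prefix for folder, keyfiles etc
Device='eth0'            # Your network interface
Ip='10.0.0.99'           # Your ip address
Subnet='255.255.255.0'   # Your subnet mask
Gateway='10.0.0.1'       # Your default gateway

##############################################################################################
#                                                                                            #
#                                      BELOW BE DRAGONS                                      #
#                                                                                            #
##############################################################################################

# Print an error to stderr and abort the script.
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

#######################################
# Set an option line in a config file: every line containing the pattern is
# replaced by the new line; if no line matches, the new line is appended.
# Arguments:
#   $1 - file to modify
#   $2 - pattern (basic regular expression) identifying the option
#   $3 - complete replacement line
#######################################
updateSettings() {
  local file=$1
  local pattern=$2
  local replace=$3
  local sed_pattern sed_replace

  if grep -q -- "${pattern}" "${file}"; then
    # Pattern found, replace line. The s command uses "/" as delimiter, so
    # escape it in the pattern, and escape "\", "/" and "&" in the
    # replacement so the new line is inserted literally.
    sed_pattern=${pattern//\//\\/}
    sed_replace=$(printf '%s' "${replace}" | sed -e 's|[\\/&]|\\&|g')
    sed -i -e "s/.*${sed_pattern}.*/${sed_replace}/" -- "${file}"
    echo ""
  else
    # Pattern not found, append new
    printf '%s\n' "${replace}" >> "${file}"
  fi
}

[[ ${EUID} -eq 0 ]] || die "this script must be run as root"

HostKeyDir="/etc/initramfs-tools/etc/dropbear"
InitramfsSsh="/etc/initramfs-tools/root/.ssh"
KeyDir="/root/${Prefix}"
KeyBase="${KeyDir}/${Prefix}_rsa"

echo "Install dependencies"
# NOTE(review): newer Debian/Ubuntu releases may ship the initramfs hooks in a
# separate package (dropbear-initramfs) - verify for your release.
apt-get -y install dropbear busybox || die "package installation failed"
echo ""
echo ""

echo "Update /etc/initramfs-tools/initramfs.conf"
File="/etc/initramfs-tools/initramfs.conf"
updateSettings "${File}" "BUSYBOX=" "BUSYBOX=y"
updateSettings "${File}" "DROPBEAR=" "DROPBEAR=y"
updateSettings "${File}" "DEVICE=" "DEVICE=${Device}"
updateSettings "${File}" "IP=" "IP=${Ip}::${Gateway}:${Subnet}::${Device}:off"
echo ""
echo ""

echo "Creating host keys in /etc/initramfs-tools/etc/dropbear/"
mkdir -p -- "${HostKeyDir}"
# -f: a missing key on a first run is not an error.
rm -f -- "${HostKeyDir}/dropbear_dss_host_key" "${HostKeyDir}/dropbear_rsa_host_key"
# DSA ("dss") keys are fixed at 1024 bits and current OpenSSH clients reject
# them by default. The key is still generated for parity with the original
# setup, but a failure here (e.g. a dropbear build without DSS) is not fatal.
dropbearkey -t dss -f "${HostKeyDir}/dropbear_dss_host_key" \
  || echo "WARNING: could not create a DSS host key, continuing with RSA only" >&2
dropbearkey -t rsa -f "${HostKeyDir}/dropbear_rsa_host_key"
[[ -s "${HostKeyDir}/dropbear_rsa_host_key" ]] || die "RSA host key was not created"
echo ""
echo ""

echo "Creating private and public keys"
rm -Rf -- "${InitramfsSsh}"
mkdir -p -- "${InitramfsSsh}"
mkdir -p -- "${KeyDir}"
# The directory holds an unencrypted private key: keep it root-only.
chmod 700 -- "${KeyDir}"

dropbearkey -t rsa -f "${KeyBase}.dropbear"
[[ -s "${KeyBase}.dropbear" ]] || die "login key was not created"

/usr/lib/dropbear/dropbearconvert dropbear openssh "${KeyBase}.dropbear" "${KeyBase}"
[[ -s "${KeyBase}" ]] || die "conversion of the login key to OpenSSH format failed"
chmod 600 -- "${KeyBase}.dropbear" "${KeyBase}"

dropbearkey -y -f "${KeyBase}.dropbear" | grep "^ssh-rsa " > "${KeyBase}.pub"
# An empty public key would produce an initramfs nobody can log in to.
[[ -s "${KeyBase}.pub" ]] || die "could not extract the public key"

cat -- "${KeyBase}.pub" >> "${InitramfsSsh}/authorized_keys"
echo ""
echo ""

echo "Updating current initramfs"
update-initramfs -u || die "update-initramfs failed"

clear
echo ""
echo ""
echo "IMPORTANT: READ THE FOLLOWING LINES CAREFULLY!"
echo ""
echo ""
# The file copied here is the OpenSSH-format PRIVATE key, not the public one.
echo "SCP the new private key to your local machine. Run from your local machine the following command:"
echo "scp root@${Ip}:/root/${Prefix}/${Prefix}_rsa ~/.ssh/"
echo "This will store the private key in your ~/.ssh/ folder as ${Prefix}_rsa"
echo ""
echo ""
echo "To unlock the encrypted server after reboot run from the client:"
# A separate known_hosts file is used because the initramfs dropbear presents
# different host keys than the regular sshd on the same address.
printf 'ssh -o "UserKnownHostsFile=~/.ssh/known_hosts.%s" -i ~/.ssh/%s_rsa root@%s "echo -ne \\"YOURENCRYPTIONPASSWORD\\" >/lib/cryptsetup/passfifo"\n' \
  "${Prefix}" "${Prefix}" "${Ip}"
echo "Please replace YOURENCRYPTIONPASSWORD with the actual password for unlocking the root partition"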