1

I have Ubuntu OS with an encrypted partition. During boot, I want to download a keyfile from a remote server using scp and use it to decrypt the partition.

What I did:

/etc/initramfs-tools/hooks/myhook.sh

```sh
#PREREQS blah blah

# -p: create parent directories and do not fail if they already exist
mkdir -p "${DESTDIR}/usr/bin"
mkdir -p "${DESTDIR}/root/.ssh"
cp -pnL /usr/local/bin/dropbearmulti "${DESTDIR}/bin/dropbearmulti" # compiled dropbear ssh/scp client
cp -pnL /etc/initramfs-tools/root/.ssh/* "${DESTDIR}/root/.ssh" # copy keys/known_hosts to image
```

/etc/initramfs-tools/scripts/local-top/myscript.sh

```sh
ln -s /bin/dropbearmulti /usr/bin/dbclient # symlink for dbclient (needed to make scp work)
export HOME=/root
/bin/dropbearmulti scp user@host:/home/user/file /tmp/file
# HERE I NEED TO READ PASSWORD FOR SCP
```

The network is configured and everything is fine. When it executes scp, I see a prompt where I need to enter the password, but I can't do so (it hangs) and the boot process is stuck.

I've tried to use plymouth:

```sh
/bin/plymouth ask-for-password --prompt "Specify password: " | /bin/dropbearmulti scp user@host:/home/user/file /tmp/file
```

It asked for the password, and I was able to input and submit it, but it didn't pass it to scp (scp asked for the password again and got stuck).

How can I pass a password from stdin to the scp command?

Thanks

akasummer
  • I think your question duplicates http://stackoverflow.com/questions/1340366/how-to-make-ssh-receive-the-password-from-stdin ? – user2563336 Apr 06 '17 at 13:30

1 Answer

0

I don't know how much security you need, but one option is to serve the key file over HTTPS, in a password-protected directory. You can include curl in the initramfs and use it to download the key file. I guess it would be less cumbersome than SSH to accept passwords from a variety of sources.

hayalci
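A sketch of the curl approach suggested in this answer, as an added example that is not part of the original answer: the password read by plymouth is handed to curl through a config on stdin, so it never appears on a command line. The URL, user name and CA file path are placeholders, and it assumes curl and the CA certificate were copied into the initramfs by a hook.

```shell
#!/bin/sh
# Added example. Placeholders (assumptions, not from the post):
KEY_URL="https://keyserver.example/keys/disk.key"
KEY_USER="unlock"
CA_FILE="/etc/ssl/keyserver-ca.pem"
KEY_FILE="/tmp/file"    # same destination the question uses

# Escape a value for a double-quoted string in a curl config file:
# backslash and double quote are the characters that need escaping.
curl_quote() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Emit a curl config line carrying HTTP basic-auth credentials.
# The user name must not contain ':' (curl splits on the first colon).
curl_config() {
    printf 'user = "%s:%s"\n' "$(curl_quote "$1")" "$(curl_quote "$2")"
}

# Prompt on the boot splash, then download the key file over HTTPS.
fetch_keyfile() {
    pass=$(/bin/plymouth ask-for-password --prompt "Specify password: ") || return 1
    umask 077    # key file readable by root only
    # printf is a shell builtin, so the password travels only through
    # the pipe and is not visible in /proc/<pid>/cmdline.
    curl_config "$KEY_USER" "$pass" |
        curl --config - --fail --silent --show-error \
             --proto '=https' --cacert "$CA_FILE" \
             --output "$KEY_FILE" "$KEY_URL"
    rc=$?        # exit status of curl, the last command in the pipeline
    unset pass
    return "$rc"
}

# In the local-top script, call fetch_keyfile and stop the unlock step
# if it returns non-zero.
```

`--fail` makes curl return a non-zero status on an HTTP error such as 401, so a wrong password does not leave an error page in place of the key file.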