ghalkes:~# command line tools

rcryptroot

About rcryptroot

The scripts in the rcryptroot package evolved from the desire to combine full-disk encryption with a headless server. The problem that arises is that to boot the machine, the password for the root partition must be entered. As the server is headless, this cannot be done on the console, and therefore a different solution must be created. The solution chosen in this package is to include an ssh server in the pre-boot environment (initramfs) that allows one to log in and enter the disk decryption password.

A related issue is that other partitions on the (headless) server may also be encrypted. If these use the same password as the root partition, it could be desirable to unlock all of them by only entering the password once. In this case several solutions are possible. For example, one could store the password in a key file on the root partition. However, I prefer not to have plain-text passwords stored on disk, so this solution was not an option. The solution employed in this package stores the password typed in before the boot proper on a ramdisk. The ramdisk is then mounted in the real filesystem, where it is removed after the other encrypted partitions are mounted.

WARNING: use of this package may seriously damage your system. Always make a full backup before use. You and you alone are responsible for any damage resulting from use.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

Note: This package is only usable on Debian and Debian-based systems like Ubuntu.

News

rcryptroot version 1.1 released

This release of rcryptroot adds the option to install an ssh login banner.

10-01-2009

rcryptroot version 1.0 released

This is the initial release of rcryptroot.

25-12-2008

Download

rcryptroot is available here. Older releases are available here.

Contact

You can reach me at: rcryptroot @ REMOVE ghalkes.nl.

Copyright Notice

Copyright © 2008-2009 G.P. Halkes
rcryptroot is distributed under the GNU General Public License version 3.

Open Source Projects


© 2005-2010 G. Halkes - All rights reserved

last modified: 10-01-2009 10:52:12 CET