How to Automatically unlock luks *and* ask for password?
by bt101 from LinuxQuestions.org on (#4X05M)
I have Ubuntu 18.04 server with full disk encryption (luks). /boot is not encrypted. It works great. I need to enter a password to unlock the rest and continue booting.
As it is a server, I want to boot without the user entering a password (to come back from a power fail). I actually do have that working with a script that checks for the luks key on a remote device (either a usb key or web server). If it fails to get the key, then the script falls back to asking the user for the password.
Here's the problem... once the script falls back to asking the user for a password, it is stuck there until someone enters the password and it won't keep trying to get the remote key.
I want to make it keep trying to access the remote key forever, and also ask the user for a password (I don't want it stuck on one or the other). How can this be done? Can it do both simultaneously? Or can it at least fall back to asking the user and timeout after 60 seconds and keep looping to try the remote key, then the user?
Here is where I got the script that gets the key from a web server:
https://github.com/stupidpupil/https-keyscript
Here is the script for this implementation:
https://github.com/stupidpupil/https...ts/wget_or_ask
Here is where I got the script that gets the key from a usb thumb drive (script is on the page):
https://www.joshbialkowski.com/posts...aster-key.html
In both cases, they are stuck when asking the user for the password.
Just to anticipate some responses:
Pls - I don't want an ssh server where a user has to enter the password. I tried mandos and it was full of bugs. I looked at clevis, and would really just prefer a simple scripts solution.
Thanks
As it is a server, I want to boot without the user entering a password (to come back from a power fail). I actually do have that working with a script that checks for the luks key on a remote device (either a usb key or web server). If it fails to get the key, then the script falls back to asking the user for the password.
Here's the problem... once the script falls back to asking the user for a password, it is stuck there until someone enters the password and it won't keep trying to get the remote key.
I want to make it keep trying to access the remote key forever, and also ask the user for a password (I don't want it stuck on one or the other). How can this be done? Can it do both simultaneously? Or can it at least fall back to asking the user and timeout after 60 seconds and keep looping to try the remote key, then the user?
Here is where I got the script that gets the key from a web server:
https://github.com/stupidpupil/https-keyscript
Here is the script for this implementation:
https://github.com/stupidpupil/https...ts/wget_or_ask
Here is where I got the script that gets the key from a usb thumb drive (script is on the page):
https://www.joshbialkowski.com/posts...aster-key.html
In both cases, they are stuck when asking the user for the password.
Just to anticipate some responses:
Pls - I don't want an ssh server where a user has to enter the password. I tried mandos and it was full of bugs. I looked at clevis, and would really just prefer a simple scripts solution.
Thanks