Remote disk unlocking: Difference between revisions
imported>Makefu No edit summary |
imported>Riotbib Change from deprecated hostECDSAkey to hostKeys and from dropbear to ssh-keygen |
Line 9: | Line 9: | ||
It is very important that you create your SSH host keys upfront, otherwise you end up connecting to a server on the internet and typing in your disk encryption password without authenticating the machine on the remote end! | It is very important that you create your SSH host keys upfront, otherwise you end up connecting to a server on the internet and typing in your disk encryption password without authenticating the machine on the remote end! | ||
To create a hostkey | To create a hostkey rin | ||
<pre>ssh-keygen -t rsa -N "" -f /etc/secrets/initrd/ssh_host_rsa_key</pre> | |||
or | |||
<pre>ssh-keygen -t ed25519 -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key</pre> | |||
==== Known hosts ==== | ==== Known hosts ==== | ||
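Review bot: The new lead-in line reads "To create a hostkey rin", which should be "To create a host key, run:" so that it properly introduces the two commands that follow. The commands also write into /etc/secrets/initrd/ without saying that the directory has to exist first. ssh-keygen does not create missing parent directories, so a preceding step that creates the directory with root-only permissions would help, particularly because -N "" leaves the private key without a passphrase.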
Line 26: | Line 31: | ||
port = 22; | port = 22; | ||
authorizedKeys = "ssh-rsa AAAAyourpublic-key-here...."; | authorizedKeys = "ssh-rsa AAAAyourpublic-key-here...."; | ||
hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" "/etc/secrets/initrd/ssh_host_ed25519_key" ]; | |||
}; | }; | ||
</pre> | </pre> |
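Review bot: The added hostKeys line lists both ssh_host_rsa_key and ssh_host_ed25519_key, while the text added earlier in this revision offers the two ssh-keygen commands as alternatives joined by "or". A reader who generates only one key is left with a hostKeys entry that points at a file that does not exist. Either change "or" to "and" in the instructions, or show hostKeys with only the key that was generated and note that the second entry is optional.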