Remote disk unlocking: Difference between revisions
Added a point about publishing the initrd hostname when using DHCP. |
Add more description about authorizedKeys and hostKeys |
||
| Line 3: | Line 3: | ||
== Setup == | == Setup == | ||
Generate host key for the SSH daemon which will run in initrd during boot | Generate host key for the SSH daemon which will run in initrd during boot (required) | ||
<syntaxhighlight lang=" | <syntaxhighlight lang="console"> | ||
# mkdir -p /etc/secrets/initrd | # mkdir -p /etc/secrets/initrd | ||
# ssh-keygen -t ed25519 -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key | # ssh-keygen -t ed25519 -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key | ||
| Line 22: | Line 22: | ||
enable = true; | enable = true; | ||
port = 22; | port = 22; | ||
authorizedKeys = [ "ssh-rsa AAAAyourpublic-key-here..." ]; | authorizedKeys = [ "ssh-rsa AAAAyourpublic-key-here..." ]; # The public key of the client (Not the public key created in the previous step) (required) | ||
hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ]; | hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ]; # The path of the private key created in the previous step (required) | ||
}; | }; | ||
postCommands = '' | postCommands = '' | ||