This is so specific... I'd like to be able to remotely log in to a server.

  1. When it first boots it would run a script or set of instructions to contact an external server based upon network-hook (should yield IP, doesn't need to be on the web, can just be network accessible)
  2. The web-hook will log IP, username
  3. In a background queue a network accessible external system can ssh in (assuming this is enabled by default with public-private key-pair) and set up an encrypted mount.
  4. The key would be stored externally to the server with the mount
  5. On boot it would trigger a request mount where the remote PC would connect and mount the device.

Further detail?

  • Is this possible via CLI alone?
  • If this is not possible, are there other CLI (unattended scriptable) alternatives?
  • Are there any open-source projects that can ease the administration of this?
MrMesees

1 Answer

My understanding of your question is that you want machine A to be able to mount an encrypted drive - automatically/unattended/without user input - using a key stored on machine B.

If this is the intention, then you don't need SSH - there are easier ways just to let A fetch the key material from B.

For example, you can fetch the key over https, use link-local IPv6 UDP packets or consider mandos (which tries to solve a more complex problem, and is itself more complex accordingly).

These approaches all use 'keyscripts' (broadly) to take some action other than requesting a user-entered password in order to obtain key material. Not all GNU/Linux distributions support these smoothly, but Debian-derived ones (including Ubuntu) do.

(All the approaches I've linked above also try to support remote unlocking from an initramfs/initrd environment, but they'll work just as well once a machine is fully booted up.)

Zetetic
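
The HTTPS variant of the keyscript approach described in the answer, as an added example that is not part of the original answer or of any project it mentions. The key URL, install path, CA bundle location and the `KEY_TMPDIR`/`ATTEMPTS`/`RETRY_DELAY` variables are assumptions; it relies on the Debian convention that a keyscript receives the crypttab key field as `$1` and prints the key on stdout.

```shell
#!/bin/sh
# Added example: Debian-style keyscript that prints a LUKS key on stdout.
# Hypothetical crypttab line (name, UUID, URL and script path are placeholders):
#   data UUID=<uuid> https://keys.example.internal/data.key luks,keyscript=/usr/local/sbin/fetch-luks-key

CA_BUNDLE=${CA_BUNDLE:-/etc/ssl/certs/ca-certificates.crt}
KEY_TMPDIR=${KEY_TMPDIR:-/run}   # tmpfs, so the key never touches disk
ATTEMPTS=${ATTEMPTS:-3}

# Accept only https:// URLs so the key is never requested in cleartext.
url_is_https() {
    case "$1" in
        https://?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Download URL $1 into file $2. curl itself is restricted to HTTPS with
# TLS 1.2+ and verifies machine B against the given CA bundle.
fetch_key() {
    curl --fail --silent --show-error --proto '=https' --tlsv1.2 \
         --max-time 10 --cacert "$CA_BUNDLE" --output "$2" "$1"
}

# Last resort when machine B is unreachable: ask on the console.
prompt_fallback() {
    /lib/cryptsetup/askpass "Key server unreachable, enter passphrase: "
}

# Write the key for URL $1 to stdout, or fall back to a prompt.
unlock_key() {
    url_is_https "$1" || { echo "refusing non-HTTPS key URL" >&2; return 1; }
    tmp=$(mktemp "$KEY_TMPDIR/luks-key.XXXXXX") || return 1
    n=0
    while [ "$n" -lt "$ATTEMPTS" ]; do
        # An empty response is treated as a failure, not as an empty key.
        if fetch_key "$1" "$tmp" && [ -s "$tmp" ]; then
            cat "$tmp"; rm -f "$tmp"; return 0
        fi
        n=$((n + 1))
        sleep "${RETRY_DELAY:-2}"
    done
    rm -f "$tmp"
    prompt_fallback
}

# cryptsetup passes the crypttab key field (here: the URL) as $1.
if [ "$#" -gt 0 ]; then unlock_key "$1"; fi
```

Anyone who can reach the URL and present whatever the server accepts can read the key, so machine B should restrict the endpoint (for example by source address or client certificate) and log each fetch.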