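Check and unlock full-disk-encrypted systems via ssh
Detailed description of the fdeunlock Python project
fdeunlock – Check and unlock full-disk-encrypted systems via ssh
This script allows you to unlock full-disk-encrypted GNU/Linux systems via ssh after checking that the system has not been tampered with.
Usage example
Check out the following example: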
    fdeunlock --host fde-server.example.org-initramfs
    INFO, 2017-03-29 10:27:41,822: Host offline. Attempting to start using: virsh -c qemu:///system start fde-server
    Domain fde-server started
    INFO, 2017-03-29 10:27:42,726: Start command returned with: 0
    INFO, 2017-03-29 10:27:48,257: Host offline. Waiting …
    INFO, 2017-03-29 10:27:53,264: Ping result: 198.51.100.23 : [0], 84 bytes, 0.51 ms (0.51 avg, 0% loss)
    INFO, 2017-03-29 10:27:53,270: Running Network based checkers: LinkLayerAddressChecker, UnauthenticatedLatencyChecker
    INFO, 2017-03-29 10:27:53,273: Link layer address matches the trusted once.
    INFO, 2017-03-29 10:27:53,283: ICMP ping round trip time: 0.7300 ms
    INFO, 2017-03-29 10:27:53,283: Latency is within the boundaries.
    INFO, 2017-03-29 10:27:54,296: SSH session to initramfs established.
    INFO, 2017-03-29 10:27:54,296: Running SSH based checkers: ChecksumChecker, AuthenticatedLatencyChecker
    INFO, 2017-03-29 10:27:57,487: Checksums match the trusted once.
    INFO, 2017-03-29 10:27:57,559: Latency to execute a command over SSH and get the response back: 71.6000 ms
    INFO, 2017-03-29 10:27:57,560: Trusted latency: 60.256694030762
    INFO, 2017-03-29 10:27:57,560: Current latency: 71.61283493041992
    Choose one of 'save', 'ignore' (for current run) or anything else to exit: save
    INFO, 2017-03-29 10:28:02,739: All 4 checks passed.
    INFO, 2017-03-29 10:28:02,820: Passing key for vda3_crypt to host fde-server.example.org-initramfs.
    INFO, 2017-03-29 10:28:05,140: Could not retrieve key for vdb3_crypt (host fde-server.example.org-initramfs).
    Please enter key for vdb3_crypt (or store it in a vault):
    INFO, 2017-03-29 10:28:28,155: Passing key for vdb3_crypt to host fde-server.example.org-initramfs.
    INFO, 2017-03-29 10:28:43,322: System should be booting now.
The host fde-server.example.org-initramfs is defined in the ssh configuration ~/.ssh/config, and the key for vda3_crypt has been provided in /home/user/.config/fdeunlock/keys/fde-server.example.org-initramfs_vda3_crypt.key. Last but not least, the start command is configured in /home/user/.config/fdeunlock/config.cfg.
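The gating idea visible in the log above (compare checksums and command latency against trusted values, and pass the key only when every check holds) can be sketched as follows. This is an added example, not fdeunlock's own code: the function names, the 10 % latency tolerance and the sample file contents are assumptions made for illustration.

```python
import hashlib
import hmac

def manifest(files):
    """Map each path to the SHA-256 hex digest of its content."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}

def checksum_problems(trusted, current):
    """Compare two manifests; report changed, missing and unexpected paths."""
    problems = []
    for path in sorted(set(trusted) | set(current)):
        if path not in current:
            problems.append((path, "missing"))
        elif path not in trusted:
            problems.append((path, "unexpected"))
        elif not hmac.compare_digest(trusted[path], current[path]):
            problems.append((path, "changed"))
    return problems

def latency_ok(trusted_ms, current_ms, tolerance=0.10):
    """Pass only if the round trip deviates by at most `tolerance` (assumed 10 %)."""
    return abs(current_ms - trusted_ms) <= trusted_ms * tolerance

def gate_key(trusted, current, trusted_ms, current_ms, key):
    """Return (key, []) if all checks pass, else (None, reasons): fail closed."""
    reasons = [f"{p}: {why}" for p, why in checksum_problems(trusted, current)]
    if not latency_ok(trusted_ms, current_ms):
        reasons.append(f"latency {current_ms:.1f} ms vs trusted {trusted_ms:.1f} ms")
    return (None, reasons) if reasons else (key, [])

# Constructed sample initramfs contents (hypothetical, not real files).
TRUSTED = manifest({"/init": b"#!/bin/sh\n# stock init\n",
                    "/bin/cryptroot-unlock": b"stock"})
MODIFIED = manifest({"/init": b"#!/bin/sh\n# modified init\n",
                     "/bin/cryptroot-unlock": b"stock"})

if __name__ == "__main__":
    print(gate_key(TRUSTED, TRUSTED, 60.0, 61.0, b"constructed-key"))
    print(gate_key(TRUSTED, MODIFIED, 60.0, 61.0, b"constructed-key"))
```

With the latencies from the log (trusted 60.26 ms, current 71.61 ms) the assumed 10 % tolerance is exceeded, which corresponds to the point where the tool stops and asks for 'save' or 'ignore'.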