# initramfs + sshd + luks [solved]

## Zubziro

Hi

Need help to build initramfs with sshd + luks support to remote mount root.

Does anyone have this setup up and running?

/thanks

Last edited by Zubziro on Thu Jun 06, 2013 11:17 am; edited 1 time in total

----------

## Zubziro

Hi all

I fixed it.

Followed http://whitehathouston.com/documentation/gentoo/initramfs_howto.htm to get a basic initramfs up and running

then emerged:

```
 net-misc/dropbear-2012.55  USE="pam zlib -bsdpty -minimal -multicall -savedconfig -static -syslog"
```

Note '-static': static & pam together won't compile, and I couldn't get password authentication of dropbear to work without pam.

```
cp /usr/sbin/dropbear /usr/src/initramfs/usr/sbin
```

Copied some libs + NIC module from /lib to /usr/src/initramfs/lib:

```
-rwxr-xr-x 1 root root 142K Jun  4 20:55 ld-2.15.so
lrwxrwxrwx 1 root root   10 Jun  6 08:41 ld-linux-x86-64.so.2 -> ld-2.15.so
-rwxr-xr-x 1 root root 1.7M Jun  4 20:55 libc-2.15.so
lrwxrwxrwx 1 root root   12 Jun  6 08:41 libc.so.6 -> libc-2.15.so
-rwxr-xr-x 1 root root  35K Jun  6 08:19 libcrypt.so.1
-rwxr-xr-x 1 root root  87K Jun  6 08:13 libnsl.so.1
-rwxr-xr-x 1 root root  51K Jun  4 20:55 libnss_files-2.15.so
lrwxrwxrwx 1 root root   20 Jun  6 08:41 libnss_files.so.2 -> libnss_files-2.15.so
-rwxr-xr-x 1 root root  11K Jun  6 08:14 libutil.so.1
lrwxrwxrwx 1 root root   13 Jun  6 08:41 libz.so.1 -> libz.so.1.2.7
-rwxr-xr-x 1 root root  87K Jun  4 20:55 libz.so.1.2.7
drwxr-xr-x 3 root root 4.0K Jun  4 20:55 modules
```

setup in /usr/src/initramfs/etc:

```
drwxr-xr-x 2 root root 4.0K Jun  5 17:19 dropbear
-rw-r--r-- 1 root root   13 Jun  5 19:55 group
-rw-r--r-- 1 root root 2.1K Jun  4 20:55 ld.so.cache
-rw-r--r-- 1 root root  224 Jun  4 20:55 ld.so.conf
-rw-r--r-- 1 root root   41 Jun  6 07:57 nsswitch.conf
-rw-r--r-- 1 root root   29 Jun  6 09:21 passwd
-rw-r----- 1 root root  116 Jun  5 19:56 shadow

./dropbear:
total 8.0K
-rw------- 1 root root 457 Jun  5 17:19 dropbear_dss_host_key
-rw------- 1 root root 806 Jun  5 17:19 dropbear_rsa_host_key
```

Removed everything from passwd, shadow and group except root.

change shell in passwd to /bin/sh

cat nsswitch.conf:

```
passwd: files
shadow: files
group: files
```

populate /usr/src/initramfs/bin/

```
for i in $(busybox --list)
do
 ln -s busybox /usr/src/initramfs/bin/$i
done
```

my initscript /usr/src/initramfs/init:

```
#!/bin/busybox sh

# temporarily mount proc and sys
mount -t proc none /proc
mount -t sysfs none /sys
mount -t devtmpfs none /dev
mkdir /dev/pts
mount -t devpts devpts /dev/pts

# load the NIC driver and configure the network interfaces
modprobe r8168
ifconfig eth0 192.168.0.5
ifconfig eth1 192.168.1.5

# run dropbear in the foreground; init continues once dropbear is killed
/usr/sbin/dropbear -FEjkm

# mount the unlocked root read-only, or reboot if that fails
mount -o ro /dev/mapper/root /mnt/root || /bin/reboot -f

#---clean up---
rmmod r8168
umount /dev/pts
umount /proc
umount /sys
umount /dev

exec switch_root /mnt/root /sbin/init
```

then boot, ssh to dropbear and run:

```
/sbin/cryptsetup -T 5 luksOpen /dev/sda2 root
/bin/killall dropbear
```

If the cryptsetup mount is OK the system will boot; otherwise the system will reboot and I can start over again.

Hope this will be helpful to someone.
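An added example, not part of Zubziro's post: a check of the staging tree before it is packed, assuming the layout under /usr/src/initramfs and the file modes shown in the listings above. The function names `audit_initramfs` and `make_sample_tree` are hypothetical, and the sample tree is constructed with placeholder contents.

```shell
#!/bin/sh
# Added example: audit an initramfs staging tree laid out as in the post.
# Prints one line per finding; the return status is the number of findings.
audit_initramfs() {
    root=$1 n=0
    note() { echo "FINDING: $*"; n=$((n + 1)); }
    # Required files; libnss_files is loaded at run time via nsswitch.conf.
    for f in usr/sbin/dropbear lib/libnss_files.so.2 \
             etc/nsswitch.conf etc/passwd etc/shadow; do
        [ -e "$root/$f" ] || note "missing $f"
    done
    # Symlinks such as libc.so.6 -> libc-2.15.so must resolve inside the tree.
    dangling=$(find "$root/lib" -type l ! -exec test -e {} \; -print 2>/dev/null) || :
    [ -z "$dangling" ] || note "dangling symlink(s):" $dangling
    # passwd is expected to hold only root, with /bin/sh as its shell.
    extra=$(awk -F: '$1 != "root" { printf "%s ", $1 }' "$root/etc/passwd" 2>/dev/null) || :
    [ -z "$extra" ] || note "extra accounts in passwd: $extra"
    grep -q '^root:.*:/bin/sh$' "$root/etc/passwd" 2>/dev/null ||
        note "root shell is not /bin/sh"
    for db in passwd shadow group; do
        grep -Eq "^$db:[[:space:]]*files" "$root/etc/nsswitch.conf" 2>/dev/null ||
            note "nsswitch.conf: $db does not use files"
    done
    # Secrets: shadow not world-readable, dropbear host keys owner-only.
    loose=$(find "$root/etc/shadow" -perm -004 2>/dev/null
            find "$root/etc/dropbear" -type f \( -perm -040 -o -perm -004 \) 2>/dev/null) || :
    [ -z "$loose" ] || note "readable by others:" $loose
    return "$n"
}

# Constructed sample tree (placeholder file contents, not real keys or hashes).
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/usr/sbin" "$t/lib" "$t/etc/dropbear"
    : > "$t/usr/sbin/dropbear"; : > "$t/lib/libnss_files-2.15.so"
    ln -s libnss_files-2.15.so "$t/lib/libnss_files.so.2"
    printf 'root:x:0:0:root:/root:/bin/sh\n' > "$t/etc/passwd"
    printf 'root:PLACEHOLDER:15862::::::\n' > "$t/etc/shadow"
    printf 'passwd: files\nshadow: files\ngroup: files\n' > "$t/etc/nsswitch.conf"
    : > "$t/etc/dropbear/dropbear_rsa_host_key"
    chmod 640 "$t/etc/shadow"; chmod 600 "$t/etc/dropbear/dropbear_rsa_host_key"
    echo "$t"
}

tree=$(make_sample_tree)
audit_initramfs "$tree" && echo "clean tree: no findings"
chmod 644 "$tree/etc/dropbear/dropbear_rsa_host_key"   # introduce a defect
audit_initramfs "$tree" || echo "$? finding(s)"
rm -rf "$tree"
```

Point it at the real staging directory with `audit_initramfs /usr/src/initramfs` before building the image.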

----------

## foobar23

Thank you very much!

----------

