⚠ The installation guide builds heavily on Secure Boot. Make sure that the system is in Setup Mode in order to be able to add your custom keys.

The following installation guide results in a fully encrypted, Secure Boot signed (EFI binary/binaries) and GnuPG signed (kernel, initramfs, microcode etc.) system with heavy use of RAID (mdadm and BTRFS based) and support for LUKS unlock:

- Locally: One-time password entry and automatic decryption of LUKS partitions (multiple root and swap partitions) in further boot process via LUKS keyfile stored in initramfs which itself is stored on LUKS encrypted partition(s).
- Remote: SSH login into initramfs+dropbear system, manual decryption of LUKS partitions and resumption of Gentoo Linux boot.

After completion of this installation guide, SSH connections will be possible via SSH public key authentication to the:

After boot into rescue system based upon a customised SystemRescueCD
/etc/nf.
- Initramfs system to LUKS unlock remotely (further info at the bottom of this page): ssh -p 50023
- Gentoo Linux system: ssh -p 50022

# Make sure you have enough entropy for cryptsetup's "--use-random"

# Insert iptables rules at correct place for SystemRescueCD to accept SSH clients.
iptables -I INPUT 4 -p tcp --dport 22 -j ACCEPT -m conntrack --ctstate NEW
# Alternatively, setup /root/.ssh/authorized_keys

Print out fingerprints to double check upon initial SSH connection to the SystemRescueCD system:
find /etc/ssh/ -type f -name "ssh_host*\.pub" -exec ssh-keygen -lf /\"" > /tmp/genkernel_

Verify the patches (copy&paste one after the other):
# Switch to non-root user.
# All following commands are executed by non-root.

Btw, the GPG key is the same one I use to sign my commits:
gpg --homedir /tmp/gpgHomeDir --verify /tmp/genkernel_ /tmp/genkernel_sha512.txt
gpg: issuer Good signature from "David Sardari "

sed 's| | /mnt/gentoo/etc/portage/patches/sys-kernel/genkernel/|' /tmp/genkernel_sha512.txt | sha512sum -c.
mnt/gentoo/etc/portage/patches/sys-kernel/genkernel/00_defaults_linuxrc.patch: OK
mnt/gentoo/etc/portage/patches/sys-kernel/genkernel/01_defaults_: OK
mnt/gentoo/etc/portage/patches/sys-kernel/genkernel/02_defaults_initrd.scripts_dosshd.patch: OK

gpgconf --homedir /tmp/gpgHomeDir --kill all

# Switch back to root
exit

gkb2gs - gentoo-kernel-bin config to gentoo-sources