pi-encrypted-boot-ssh | wireguard-initramfs
---|---
3 | 10
170 | 275
- | -
5.5 | 4.7
4 months ago | 4 months ago
Shell |
- | The Unlicense
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
pi-encrypted-boot-ssh
- The curious case of the Raspberry Pi in the network closet (2019)
  That's a very obvious and very obviously bad way of planting a network exploit. Very rookie and rather sad.
  In entirely unrelated news, this guide details how to set up an encrypted boot process on a Raspberry Pi, with it waiting for you(r forked login agent) to ssh in and provide the LUKS password: https://github.com/ViRb3/pi-encrypted-boot-ssh
- Raspberry Pi with encrypted root
  It's pretty easy to set up on a fresh install, and you can use dropbear to input the password remotely: https://github.com/ViRb3/pi-encrypted-boot-ssh
- Connect to remote encrypted SSH Client
  Encrypt RPI Boot: https://github.com/ViRb3/pi-encrypted-boot-ssh
wireguard-initramfs
- How to avoid typing password of LUKS encrypted server every boot?
- Fedora Workstation Aiming To Improve Encryption, Possibly Encrypted Disk By Default In The Future
  Some other interesting things are providing keys over the network, or leveraging Wireguard and SSH to remotely unlock.
- Encrypt Raspberry Pi?
  For vulnerabilities: even if dropbear was vulnerable in some way, it’s running in a pre-boot initramfs with a restricted shell which can be locked down even further to prevent escalation. To add another layer of security, you can run Wireguard in initramfs and have dropbear configured to be accessible from only the vpn network: https://github.com/r-pufky/wireguard-initramfs
- I self host on my desktop, but it likes to crash. Any advice on remotely resetting a frozen system?
  Once you manage to reset the system, wireguard-initramfs should work if you need to SSH into it from outside the LAN, though the project is only currently supported on Debian. Within the LAN, dropbear in your initramfs should be enough.
- How can I encrypt the whole disk on cloud hosts to prevent them from seeing my data in backups/snapshots?
  There are other initramfs packages available that expand features such as wireguard capability: https://github.com/r-pufky/wireguard-initramfs
- Connect to remote encrypted SSH Client
- r-pufky/wireguard-initramfs - Enables wireguard networking during kernel boot, before encrypted partitions are mounted. Combined with dropbear this can enable FULLY ENCRYPTED remote booting without storing key material or exposing ports on the remote network.
- wireguard-initramfs for debian bullseye (e.g. dropbear over wireguard) [working]
  FYI, this is now the case. 2021-07-04
  Just posted the first rev of wireguard-initramfs for debian bullseye.
What are some alternatives?
disk-encryption-hetzner - Encrypt a hetzner server from the "serverbörse" and unlock it remote via ssh
dracut-sshd - Provide SSH access to initramfs early user space on Fedora and other systems that use Dracut
initramfs-tools-tailscale - Tailscale enabled initramfs
ramroot - Load root file system to ram during boot.
gba-remote-play - 📡 Stream Raspberry Pi games to a GBA via Link Cable.
yubikey-full-disk-encryption - Use YubiKey to unlock a LUKS partition
onelinerhub - Thousands of code solutions with clear explanation @ onelinerhub.com
dracut - dracut the event driven initramfs infrastructure
secure-wireguard-implementation - A guide on implementing a secure Wireguard server on OVH (or any other Debian VPS) with DNSCrypt, Port Knocking & an SSH-Honeypot
Unlock-LUKS-Encryption-Remotely - 🔑 How to unlock a LUKS encrypted Linux server remotely.
wireguard-install - WireGuard road warrior installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora