From: Arno Wagner
Date: Tue, 21 Dec 2010 06:27:41 +0100
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Remote unlock security
Message-ID: <20101221052741.GA24184@tansi.org>

Hi David,

On Mon, Dec 20, 2010 at 08:05:25PM +0100, David Jacquet wrote:
> Hi,
>
> I am trying to configure my server to be able to be unlocked via ssh and
> dropbear. From the README.gz I understand that I can issue the command:
>
>   ssh -o "UserKnownHostsFile=~/.ssh/known_hosts.initramfs" \
>       -i "~/id_rsa.initramfs" root@initramfshost.example.com \
>       "echo -ne \"secret\" >/lib/cryptsetup/passfifo"
>
> What exactly will happen with the "secret" string? Will it be written to an
> unprotected part of a hard drive?

I do not understand what "passfifo" is supposed to do, you should probably
do something like this instead:

  ssh "cat | cryptsetup --key-file - "

> If so it may be retrieved by a careful investigation of that drive. From my
> non-expert and humble opinion, a key (as the "secret") should only be stored
> in RAM (and erased even from the RAM as soon as possible).

Indeed. However "as soon as possible" is on device removal from
LUKS/dm-crypt control.

> Even if only stored in the RAM, I guess that the "secret" string will be
> stored in the .bash_history file on the computer from which the ssh command
> was issued.

Therefore never show it to bash.
> I guess it is more recommended to log into the remote computer and then
> issue ( cat > /lib/cryptsetup/passfifo --> "secret" --> CTRL+D, will that
> work?)

Still don't get what "passfifo" is for. Is this some construction like this?

  mkfifo passfifo
  cryptsetup --key-file passfifo

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name
GnuPG: ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of "news" is
"something that hardly ever happens." -- Bruce Schneier
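The following is an added example, not code from this thread, from the README David quotes, or from the cryptsetup project. It shows the shape Arno is pointing at: the passphrase is read by the shell builtin `read` (so it never becomes a process argument and never reaches `.bash_history`, `ps` output or process-accounting logs on either machine), is piped into ssh, and is consumed on the remote side by `cryptsetup luksOpen --key-file -`, which reads the key material from stdin. The host name `initramfshost.example.com`, the key and known_hosts paths, the device `/dev/sda5` and the mapping name `root` are assumptions taken from or modelled on the quoted command; `SSH_CMD` is a hypothetical override hook so the function can be exercised without a real remote host. It assumes the initramfs ships `cryptsetup` and a dropbear sshd, as in David's setup.

```sh
#!/bin/sh
# Added example (not from the thread or the cryptsetup project).
# Feed a LUKS passphrase over ssh to "cryptsetup luksOpen --key-file -"
# without ever placing it on a command line.
#
# Assumptions (hypothetical): remote host initramfshost.example.com runs
# dropbear in its initramfs, the encrypted device is /dev/sda5, the mapping
# name is "root". SSH_CMD lets a caller substitute something for ssh.

SSH_CMD="${SSH_CMD:-ssh}"

# Read one passphrase. `read` is a shell builtin, so the secret is never an
# argument of any process: nothing for history, argv or auditd to record.
# Terminal echo is switched off while typing; non-interactive callers
# supply the passphrase as the first line of stdin.
read_passphrase() {
    if [ -t 0 ]; then
        printf 'Passphrase: ' >&2
        stty -echo
        read -r pass
        stty echo
        printf '\n' >&2
    else
        read -r pass
    fi
    # No trailing newline: the bytes cryptsetup hashes are exactly the
    # passphrase, whatever its --key-file reader does with line ends.
    printf '%s' "$pass"
    unset pass
}

# The remote command names only the device and mapping, never the secret.
remote_unlock_cmd() {
    printf 'cryptsetup luksOpen --key-file - %s %s' "$1" "$2"
}

# ssh's stdin becomes stdin of the remote cryptsetup, which reads the
# passphrase via "--key-file -"; the secret travels only inside the
# encrypted ssh session and the pipe, not in any argv.
unlock_remote() {
    host=$1; dev=$2; name=$3
    read_passphrase | "$SSH_CMD" \
        -o "UserKnownHostsFile=$HOME/.ssh/known_hosts.initramfs" \
        -i "$HOME/id_rsa.initramfs" \
        "root@$host" "$(remote_unlock_cmd "$dev" "$name")"
}

# Usage: sh remote-unlock.sh --run   (prompts for the passphrase)
if [ "${1:-}" = "--run" ]; then
    unlock_remote initramfshost.example.com /dev/sda5 root
fi
```

This removes the secret from both shells' command lines, which is the exposure David asked about; it does not change what happens on the remote side, where the passphrase still lives in the initramfs cryptsetup process until it exits and, as Arno notes, the derived key stays in kernel memory until the device is removed from dm-crypt control.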