Ansible playbook for setting up initramfs Dropbear for LUKS unlocking over SSH
Applying this playbook installs Dropbear into the initramfs.
Make sure you have one or more RSA keys in luks-dropbear-authorized_keys.pub in the same directory as this playbook. Ed25519 keys are currently not supported by Dropbear.
initramfs_dropbear_playbook.yml
```yaml
---
- name: Configure remote LUKS unlocking with Dropbear
  hosts: all
  become: true
  vars:
    dropbear_auth_keys_path: /etc/dropbear/initramfs/authorized_keys
  tasks:
    - name: Install required packages
      apt:
        name:
          - cryptsetup
          - dropbear
          - dropbear-initramfs
          - dropbear-bin
        state: present
        update_cache: yes
      register: apt_install_result

    - name: Ensure the Dropbear initramfs directory exists
      file:
        path: /etc/dropbear/initramfs
        state: directory
        mode: '0755'

    # Keys in this file are the ones allowed to log in to the initramfs SSH server
    - name: Copy SSH public key to Dropbear authorized_keys
      copy:
        src: luks-dropbear-authorized_keys.pub
        dest: "{{ dropbear_auth_keys_path }}"
        mode: '0600'
      register: auth_keys_result

    # No shell features are needed here, so use command instead of shell
    - name: Reconfigure Dropbear initramfs
      command: dpkg-reconfigure dropbear-initramfs
      when: apt_install_result.changed or auth_keys_result.changed

    # Rebuild the initramfs so it contains Dropbear and the authorized_keys file
    - name: Update initramfs
      command: update-initramfs -u
      when: apt_install_result.changed or auth_keys_result.changed
```
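Because the playbook copies luks-dropbear-authorized_keys.pub into the initramfs unchecked, a pre-flight check of that file can catch a non-RSA or undersized key before the host is rebooted. The following Python 3 script is an added example, not part of the original post: the function names and the 2048-bit minimum are assumptions, and the sample keys are constructed filler, not usable keys.

```python
import base64
import struct

KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # start of an OpenSSH key-type token

def _read_string(blob, off):
    """Read one length-prefixed string/mpint (SSH wire format, RFC 4251)."""
    (n,) = struct.unpack_from(">I", blob, off)
    if off + 4 + n > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:off + 4 + n], off + 4 + n

def check_line(line, min_bits=2048):
    """Return (ok, reason) for one authorized_keys line; options may precede the key type."""
    fields = line.split()
    idx = next((i for i, f in enumerate(fields) if f.startswith(KEY_PREFIXES)), None)
    if idx is None or idx + 1 >= len(fields):
        return False, "no key type and blob found"
    if fields[idx] != "ssh-rsa":
        return False, f"{fields[idx]} is not an RSA key"
    try:
        blob = base64.b64decode(fields[idx + 1], validate=True)
        inner, off = _read_string(blob, 0)       # key type repeated inside the blob
        _exp, off = _read_string(blob, off)      # public exponent e
        modulus, off = _read_string(blob, off)   # modulus n
    except (ValueError, struct.error) as exc:
        return False, f"malformed key blob: {exc}"
    if inner != b"ssh-rsa":
        return False, "blob does not contain an ssh-rsa key"
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < min_bits:
        return False, f"RSA modulus is only {bits} bits"
    return True, f"RSA {bits} bits"

def check_text(text, min_bits=2048):
    """Check every non-comment line; returns [(line_no, ok, reason), ...]."""
    return [(n, *check_line(line, min_bits))
            for n, line in enumerate(text.splitlines(), 1)
            if line.strip() and not line.lstrip().startswith("#")]

def sample_rsa_line(bits):
    """Constructed test input: correct structure, filler modulus, not a usable key."""
    modulus = b"\x00" + b"\xc3" * (bits // 8)
    parts = (b"ssh-rsa", b"\x01\x00\x01", modulus)
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"

if __name__ == "__main__":
    demo = [sample_rsa_line(4096), sample_rsa_line(1024),
            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5 constructed@example"]
    print(*check_text("\n".join(demo)), sep="\n")
```

To check the real key file, pass its contents to `check_text()` and abort the deployment if any tuple has `ok` set to `False`.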