I'm trying to have dropbear remote ssh boot on a debian system which is encrypted with lvm crypto luks.
I can get it to work on my Raspberry Pi but not on my regular system.
steps:
1 install debian with encrypted LVM
ls -l /lib/modules/ |awk -F" " '{print $9}'
mkinitramfs -o /boot/initramfs.gz
echo initramfs initramfs.gz >> /boot/config.txt
then create an rsa ssh key with the following line in front and save it to /etc/dropbear-initramfs/authorized_keys:
command="/scripts/local-top/cryptroot && kill -9 `ps | grep -m 1 'cryptroot' | cut -d ' ' -f 3`" ssh...
then:
mkinitramfs -o /boot/initramfs.gz
reboot
I can type the password and decrypt with a keyboard, but when I log in with ssh I get:
/scripts/local-top/cryptroot: line 218: modprobe: not found
/scripts/local-top/cryptroot: line 378: blkid: not found
/scripts/local-top/cryptroot: line 378: blkid: not found
/scripts/local-top/cryptroot: line 378: blkid: not found
/scripts/local-top/cryptroot: line 378: blkid: not found
/scripts/local-top/cryptroot: line 378: blkid: not found
...
please help?
extra info:
my blkid
/dev/sda1: UUID="42a9ca50-b757-4e11-985f-8fc75323b598" TYPE="ext2" PARTUUID="38de37f0-01"
/dev/sda5: UUID="3448b157-a1f9-4f6a-a1ea-37e6362cdea8" TYPE="crypto_LUKS" PARTUUID="38de37f0-05"
/dev/mapper/sda5_crypt: UUID="nzAaP7-Ocx9-BJzO-BM7S-SQcY-BHqp-tbgvH6" TYPE="LVM2_member"
/dev/mapper/deb--vg-root: UUID="f8ec5b07-75fe-4870-9fb6-9e9035d21a20" TYPE="ext4"
/dev/mapper/deb--vg-swap_1: UUID="ff915ae6-210f-4bbb-8988-b30aacae3dea" TYPE="swap"
my /etc/fstab
/dev/sda1: UUID="42a9ca50-b757-4e11-985f-8fc75323b598" TYPE="ext2" PARTUUID="38de37f0-01"
/dev/sda5: UUID="3448b157-v4a5-4f6a-a1ea-28e6362cdea9" TYPE="crypto_LUKS" PARTUUID="38de37f0-05"
/dev/sdb1: UUID="CC55-BAFE" TYPE="vfat" PARTUUID="0000370e-01"
/dev/mapper/sda5_crypt: UUID="nzAaP7-Ocx9-BJzO-BM7S-SQcY-BHqp-tbgvH6" TYPE="LVM2_member"
/dev/mapper/theproject1--vg-root: UUID="f8ec5b07-75fe-4870-9fb6-9e9035d21a20" TYPE="ext4"
/dev/mapper/theproject1--vg-swap_1: UUID="ff915ae6-210f-4bbb-8988-b30aacae3dea" TYPE="swap"
my /etc/crypttab
sda5_crypt UUID=3448b157-v4a5-4f6a-a1ea-28e6362cdea9 none luks,discard
I had a similar issue, but different resolution.
I have an encrypted Kali Linux computer and use the dropbear-initramfs package to unlock the root disk at boot remotely over the dropbear ssh session using cryptroot-unlock.
This worked fine for a long time, but after some update it stopped working. I could SSH to the initramfs disk dropbear session but when I did "cryptroot-unlock" it would hang and I would get the error "Error: Timeout reached while waiting for askpass."
Eventually I found the solution:-
https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1687842.html
Basically to fix I uninstalled "cryptsetup-nuke-password" package "apt remove cryptsetup-nuke-password". Then rebooted and then I could successfully open the encrypted /root partition remotely via the dropbear-initramfs.
If you are getting the error "Error: Timeout reached while waiting for askpass." when ssh'ed to your dropbear-initramfs at boot and trying to cryptroot-unlock the drive, then to confirm whether the issue is the same as mine, do a "ps" and look through the processes running. If you see something similar to "/lib/cryptsetup/askpass.cryptsetup Please unlock disk .." then I suggest logging on via the console and removing "cryptsetup-nuke-password" to resolve the issue.
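A lint for the authorized_keys file described in the question, as an added example that is not part of either post: it checks that every key destined for /etc/dropbear-initramfs/authorized_keys carries a forced command plus forwarding restrictions. The required-option list, the /bin/cryptroot-unlock path and the sample keys are assumptions constructed for illustration.

```shell
#!/bin/sh
# Lint a dropbear-initramfs authorized_keys file: each key should carry a
# forced command plus forwarding restrictions, so a stolen key can do no
# more than run the unlock helper in the pre-boot environment.

# Assumption: this policy list is the example's own choice.
REQUIRED_OPTS="no-port-forwarding no-agent-forwarding no-x11-forwarding"

# lint_initramfs_keys FILE
# Prints "line N: problem" per finding; returns the number of findings.
lint_initramfs_keys() {
    n=0 findings=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        # Compare on a lower-cased copy so no-X11-forwarding also matches.
        lc=$(printf '%s' "$line" | tr '[:upper:]' '[:lower:]')
        case $lc in
            ssh-*|ecdsa-*)   # line starts with the key type: no options
                echo "line $n: no options, key is not restricted"
                findings=$((findings + 1)); continue ;;
        esac
        case $lc in
            *command=\"*) ;;
            *) echo "line $n: missing forced command"
               findings=$((findings + 1)) ;;
        esac
        for opt in $REQUIRED_OPTS; do
            case $lc in
                *"$opt"*) ;;
                *) echo "line $n: missing $opt"
                   findings=$((findings + 1)) ;;
            esac
        done
    done < "$1"
    return "$findings"
}

# Constructed sample file; key material and comments are placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
no-port-forwarding,no-agent-forwarding,no-x11-forwarding,command="/bin/cryptroot-unlock" ssh-rsa AAAAexample admin
command="/bin/cryptroot-unlock" ssh-rsa AAAAexample laptop
ssh-ed25519 AAAAexample backup
EOF
lint_initramfs_keys "$sample" || echo "findings: $?"
rm -f "$sample"
```

Run it against the file before rebuilding the initramfs; a non-zero return means at least one key is less restricted than the policy list requires.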
I have read that RSYNC over SSH requires a single colon : after USER@HOST, whereas connecting directly to a daemon requires a double colon ::. However, in order to get my RSYNC command line shown below to work, I have to use a double colon?? Can someone please explain this? download is the name of the remote virtual directory.
Cheers,
rsync -trv --progress --timeout=10 -e 'ssh -p 46000' hexfeed@11.22.33.44::download /tmp/test1
The :: tells this rsync command to expect the remote to be already running a daemon, but the -e then says that instead of opening a network connection to the given server at the default port of 873, it should run the command ssh... to create the connection and expect a daemon at the other end.
This can only work if the remote runs a command like rsync --server --daemon --config=somefile . when you login via ssh -p 46000.
I'm installing OpenStack using the All-In-One Single Machine setup; I run the stack.sh script for the devstack setup. On starting the glance service I'm getting the following error on my console:
++:: curl -g -k --noproxy '*' -s -o /dev/null -w '%{http_code}' http://10.10.20.10/image
+:: [[ 503 == 503 ]]
+:: sleep 1
+functions:wait_for_service:485 rval=124
+functions:wait_for_service:490 time_stop wait_for_service
+functions-common:time_stop:2310 local name
+functions-common:time_stop:2311 local end_time
+functions-common:time_stop:2312 local elapsed_time
+functions-common:time_stop:2313 local total
+functions-common:time_stop:2314 local start_time
+functions-common:time_stop:2316 name=wait_for_service
+functions-common:time_stop:2317 start_time=1602763779096
+functions-common:time_stop:2319 [[ -z 1602763779096 ]]
++functions-common:time_stop:2322 date +%s%3N
+functions-common:time_stop:2322 end_time=1602763839214
+functions-common:time_stop:2323 elapsed_time=60118
+functions-common:time_stop:2324 total=569
+functions-common:time_stop:2326 _TIME_START[$name]=
+functions-common:time_stop:2327 _TIME_TOTAL[$name]=60687
+functions:wait_for_service:491 return 124
+lib/glance:start_glance:480 die 480 'g-api did not start'
+functions-common:die:198 local exitcode=0
+functions-common:die:199 set +o xtrace
[Call Trace]
./stack.sh:1306:start_glance
/opt/stack/devstack/lib/glance:480:die
[ERROR] /opt/stack/devstack/lib/glance:480 g-api did not start
Error on exit
World dumping... see /opt/stack/logs/worlddump-2020-10-15-121040.txt for details
neutron-dhcp-agent: no process found
neutron-l3-agent: no process found
neutron-metadata-agent: no process found
neutron-openvswitch-agent: no process found
I also tried to increase the timeout duration, but it still failed; I also verified that devstack@g-api.service is in the active state. Can someone let me know what the exact reason behind this issue is and how to resolve it?
The only solution is to reload the entire system, including the os
I am trying to run rsync as follows and am running into the error "sshpass: Failed to run command: No such file or directory". I verified that the source /local/mnt/workspace/common/sectool and the destination directories /prj/qct/wlan_rome_su_builds are available and accessible. What am I missing? How do I fix this?
username@xxx-machine-02:~$ sshpass –p 'password' rsync –progress –avz –e ssh /local/mnt/workspace/common/sectool cnssbldsw@hydwclnxbld4:/prj/qct/wlan_rome_su_builds
sshpass: Failed to run command: No such file or directory
Would that be possible for you to check whether 'rsync' works without 'sshpass'?
Also, check whether the ports used by rsync are enabled. You can find the port info via cat /etc/services | grep rsync
The first thing is to make sure that the ssh connection is working smoothly. You can check this via "sudo ssh -vvv cnssbldsw@hydwclnxbld4" (please post the message). In advance, if you receive any messages such as "ssh: connect to host hydwclnxbld4 port 22: Connection refused", the issue is with the openssh-server (not being installed or a broken package). Let's see what you get for the first command.
OS: Ubuntu 14.04 64 bit
I have a strange problem occurring on machines with Nvidia cards running Ubuntu 14.04 64 bit.
The mount command works when using the IP address but fails when using the host name
Not-working command :
sudo -S mount -t cifs //share.test.com/LAB/Testing/Path1/Path2/Requisite/ -o username=blabla,password=blabla /mnt/src_shar_lnx
the error being
mount: wrong fs type, bad option, bad superblock on //share.test.com/LAB/Testing/Path1/Path2/Requisite/ ,
missing codepage or helper program, or other error
(for several filesystems (e.g. nfs, cifs) you might
need a /sbin/mount.<type> helper program)
In some cases useful info is found in syslog - try
dmesg | tail or so
The above command works seamlessly on other machines without Nvidia cards.
Working command:
sudo -S mount -t cifs //192.168.200.1/LAB/Testing/Path1/Path2/Requisite/ -o username=blabla,password=blabla /mnt/src_shar_lnx
Resolved.
Installing cifs-utils solved the problem.
I'm trying to run Image application from server "bert"
I connected through my OSX Maverick as
ssh ak324@bert.eecs.qmul.ac.uk
I compiled my file with
$ make
but when I run the resulting file
$ ./window
it gives me the following error:
Error: Unable to initialize gtk, is DISPLAY set properly?
How can I solve this problem?
You should connect with the -X or -Y option to be able to launch graphical applications:
ssh -X ak324@bert.eecs.qmul.ac.uk
If that doesn't help, you should check in /etc/ssh/sshd_config whether X11Forwarding is enabled.
On macOS you need to install XQuartz for X11 support: https://support.apple.com/de-de/HT201341.
Then you can connect with
ssh -Y ak324@bert.eecs.qmul.ac.uk
Try running ssh with the flags -Y -v.
If the following line appears on the terminal during the ssh connection, install xauth on your remote system.
debug1: Remote: No xauth program; cannot forward with spoofing.
As suggested here.