On Fri, Feb 15, 2008 at 03:47:45PM +0100, [EMAIL PROTECTED] wrote: > this patch is part of three patches (initramfs-tools, cryptsetup, dropbear) > which enable mkinitramfs to create initramfss that provide the ability to > log in and unlock a cryptroot during the boot process from remote via ssh. > > initramfs script, hook-script, and config are added. > openssh-client is promoted from suggested to recommended, because in case > of a cryptroot with dropbear it's not really unimportant that mkinitramfs > is able to create authorization keys. also udev is needed for dropbear in > initramfs.
Hi, if I understand the concept correctly, the initial ramdisk isn't encrypted, and holds the ssh host key. Doesn't this enable an attacker to steal the cryptroot passphrase? Regards, Gerrit. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
