Jonathan Dowland wrote:
> What you describe is exactly how the dropbear/initramfs integration
> works. The data stored in /boot is the initramfs, and within that, the
> only material you might consider sensitive is an SSH server keypair
> (public&private) for the SSHD instance in the initramfs environment -
> this does not need to be the same as for your running system; and an
> authorized_keys file, containing your SSH *public* key. Are those too
> sensitive for you?
>
Thanks, I read it and this is what I think. I wanted to know how the other project can be adapted. I think dropbear is very close to what I wanted to have.

> I suspect you could probably do without the SSHD public/private keypair
> and have the initramfs environment generate a new pair each time, but
> then you'd have no chain of trust for connecting to it; so you have to
> weigh up those two scenarios.

Yes, it is two faces of the same evil, but I would trust the guys behind dropbear and adopt what they suggest.

Regards
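As an added example (not from this thread and not dropbear's own code), here is the client-side half of the chain of trust Jonathan mentions: because the initramfs sshd has its own host key, distinct from the running system's, the client should pin it under its own name rather than let ssh file it under the same host entry and warn of a "changed" key at every boot. The alias name, address, port 2222, key paths and the sample known_hosts lines are assumptions made for illustration; the script uses only standard OpenSSH ssh_config keywords (HostKeyAlias, UserKnownHostsFile) and POSIX awk.

```shell
#!/bin/sh
# Added example, not from the thread or the dropbear project.
# Assumptions (mine): the initramfs dropbear listens on port 2222 at the
# same address as the normal sshd; alias, paths and sample keys are made up.

# Emit an ssh_config stanza that gives the initramfs sshd its own
# known_hosts identity. HostKeyAlias makes ssh look up and store the host
# key under the alias instead of the real host name, so the pre-boot key
# and the running system's key never collide.
initramfs_ssh_config() {
    host="$1"      # alias you will type: ssh <alias>
    addr="$2"      # address of the machine
    port="$3"      # port dropbear listens on inside the initramfs
    cat <<EOF
Host $host
    HostName $addr
    Port $port
    User root
    HostKeyAlias $host
    UserKnownHostsFile ~/.ssh/known_hosts_$host
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_ed25519
EOF
}

# Verify that a known_hosts file pins exactly one key for the alias and
# print its type and key material. Returns 1 when the alias is missing or
# ambiguous, which is the case where a connect would prompt you to accept
# an unverified key. Assumes unhashed entries (HashKnownHosts no).
pinned_key_for_alias() {
    alias="$1"; file="$2"
    n=$(awk -v a="$alias" '$1 == a { c++ } END { print c + 0 }' "$file")
    [ "$n" -eq 1 ] || return 1
    awk -v a="$alias" '$1 == a { print $2, $3 }' "$file"
}

# Stand-alone demo on a constructed known_hosts file (sample data, not a
# real key): one entry for the initramfs alias, one for the normal host.
demo_known_hosts=$(mktemp)
printf '%s\n' \
    'sample-initramfs ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAISAMPLEINITRAMFSKEY' \
    'sample ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAISAMPLERUNNINGSYSTEMKEY' \
    > "$demo_known_hosts"
initramfs_ssh_config sample-initramfs 192.0.2.10 2222
pinned_key_for_alias sample-initramfs "$demo_known_hosts"
rm -f "$demo_known_hosts"
```

Before the first connect, write the initramfs host key's public half into the alias's known_hosts file (copy it from the keypair in the initramfs on the machine itself, or compare fingerprints over a channel you already trust); after that, any prompt to accept a new key for the alias means the key in the initramfs changed, which is exactly the signal a regenerate-on-every-boot scheme would throw away.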