Check and unlock full disk encrypted systems via ssh
Project description
FDEunlock – Check and unlock full disk encrypted systems via ssh
This script allows you to unlock full disk encrypted GNU/Linux systems via ssh after checking that the system has not been tampered with.
Usage example
Check out the following example:

```
fdeunlock --host fde-server.example.org-initramfs
INFO, 2017-03-29 10:27:41,822: Host offline. Attempting to start using: virsh -c qemu:///system start fde-server
Domain fde-server started
INFO, 2017-03-29 10:27:42,726: Start command returned with: 0
INFO, 2017-03-29 10:27:48,257: Host offline. Waiting …
INFO, 2017-03-29 10:27:53,264: Ping result: 198.51.100.23 : [0], 84 bytes, 0.51 ms (0.51 avg, 0% loss)
INFO, 2017-03-29 10:27:53,270: Running Network based checkers: LinkLayerAddressChecker, UnauthenticatedLatencyChecker
INFO, 2017-03-29 10:27:53,273: Link layer address matches the trusted once.
INFO, 2017-03-29 10:27:53,283: ICMP ping round trip time: 0.7300 ms
INFO, 2017-03-29 10:27:53,283: Latency is within the boundaries.
INFO, 2017-03-29 10:27:54,296: SSH session to initramfs established.
INFO, 2017-03-29 10:27:54,296: Running SSH based checkers: ChecksumChecker, AuthenticatedLatencyChecker
INFO, 2017-03-29 10:27:57,487: Checksums match the trusted once.
INFO, 2017-03-29 10:27:57,559: Latency to execute a command over SSH and get the response back: 71.6000 ms
INFO, 2017-03-29 10:27:57,560: Trusted latency: 60.256694030762
INFO, 2017-03-29 10:27:57,560: Current latency: 71.61283493041992
Choose one of 'save', 'ignore' (for current run) or anything else to exit: save
INFO, 2017-03-29 10:28:02,739: All 4 checks passed.
INFO, 2017-03-29 10:28:02,820: Passing key for vda3_crypt to host fde-server.example.org-initramfs.
INFO, 2017-03-29 10:28:05,140: Could not retrieve key for vdb3_crypt (host fde-server.example.org-initramfs).
Please enter key for vdb3_crypt (or store it in a vault):
INFO, 2017-03-29 10:28:28,155: Passing key for vdb3_crypt to host fde-server.example.org-initramfs.
INFO, 2017-03-29 10:28:43,322: System should be booting now.
```
In this run, the host fde-server.example.org-initramfs was defined in the SSH configuration ~/.ssh/config, and the key for vda3_crypt was provided in /home/user/.config/fdeunlock/keys/fde-server.example.org-initramfs_vda3_crypt.key. The start command was configured in /home/user/.config/fdeunlock/config.cfg.
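In the run above, the SSH latency differed from the trusted value and the operator answered the prompt with `save` before the keys were sent. The following is an added example, not part of FDEunlock: it reduces a captured terminal transcript of such a run to an audit record and flags runs where a key was passed after a manual override. The helper name `summarize_run`, the record fields and the assumption that the terminal session was captured as text are hypothetical.

```python
import re

# Constructed input: a subset of the lines from the example run on this page.
SAMPLE_LOG = """\
INFO, 2017-03-29 10:27:53,270: Running Network based checkers: LinkLayerAddressChecker, UnauthenticatedLatencyChecker
INFO, 2017-03-29 10:27:54,296: Running SSH based checkers: ChecksumChecker, AuthenticatedLatencyChecker
INFO, 2017-03-29 10:27:57,560: Trusted latency: 60.256694030762
INFO, 2017-03-29 10:27:57,560: Current latency: 71.61283493041992
Choose one of 'save', 'ignore' (for current run) or anything else to exit: save
INFO, 2017-03-29 10:28:02,739: All 4 checks passed.
INFO, 2017-03-29 10:28:02,820: Passing key for vda3_crypt to host fde-server.example.org-initramfs.
"""

ENTRY = re.compile(r"^[A-Z]+, \d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}: (.*)$")
PROMPT = re.compile(r"^Choose one of .* to exit: *(\S+)")

def summarize_run(log_text):
    """Hypothetical helper: reduce one captured fdeunlock run to an audit record."""
    s = {"checkers": [], "checks_passed": None, "trusted_ms": None,
         "current_ms": None, "operator_choice": None, "keys_passed": []}
    for raw in log_text.splitlines():
        prompt = PROMPT.match(raw)
        if prompt:  # a checker deviated and the operator answered the prompt
            s["operator_choice"] = prompt.group(1)
            continue
        entry = ENTRY.match(raw)
        if not entry:
            continue  # command output or key prompts, not a log entry
        msg = entry.group(1)
        if m := re.match(r"Running \w+ based checkers: (.+)", msg):
            s["checkers"] += m.group(1).split(", ")
        elif m := re.match(r"(Trusted|Current) latency: ([\d.]+)", msg):
            s[m.group(1).lower() + "_ms"] = float(m.group(2))
        elif m := re.match(r"All (\d+) checks passed\.", msg):
            s["checks_passed"] = int(m.group(1))
        elif m := re.match(r"Passing key for (\S+) to host", msg):
            s["keys_passed"].append(m.group(1))
    if s["trusted_ms"] and s["current_ms"]:
        s["latency_deviation_pct"] = round(
            100 * (s["current_ms"] - s["trusted_ms"]) / s["trusted_ms"], 1)
    # Review any run where a key was sent after a manual override of a checker.
    s["needs_review"] = bool(s["keys_passed"]) and s["operator_choice"] is not None
    return s

if __name__ == "__main__":
    print(summarize_run(SAMPLE_LOG))
```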
Repositories
Documentation
License
Built Distribution
File details
Details for the file fdeunlock-0.7.1-py3-none-any.whl.
File metadata
- Download URL: fdeunlock-0.7.1-py3-none-any.whl
- Upload date:
- Size: 18.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest |
---|---|
SHA256 | 5fc408db041d4972c8b67e42e2f60282acda05289b5bb9e43858930e42914cef |
MD5 | c7de2882bcd9247b02214f26211378da |
BLAKE2b-256 | f9d074779ac54293dafb83107410575dca71809725559a2d00de39d54bc6e1e8 |