Check and unlock full disk encrypted systems via ssh

Project description

FDEunlock – Check and unlock full disk encrypted systems via ssh

This script allows you to unlock full disk encrypted GNU/Linux systems via ssh after checking that the system has not been tampered with.

Usage example

Check out the following example:

fdeunlock --host fde-server.example.org-initramfs
INFO, 2017-03-29 10:27:41,822: Host offline. Attempting to start using: virsh -c qemu:///system start fde-server
Domain fde-server started

INFO, 2017-03-29 10:27:42,726: Start command returned with: 0
INFO, 2017-03-29 10:27:48,257: Host offline. Waiting …
INFO, 2017-03-29 10:27:53,264: Ping result: 198.51.100.23 : [0], 84 bytes, 0.51 ms (0.51 avg, 0% loss)
INFO, 2017-03-29 10:27:53,270: Running Network based checkers: LinkLayerAddressChecker, UnauthenticatedLatencyChecker
INFO, 2017-03-29 10:27:53,273: Link layer address matches the trusted once.
INFO, 2017-03-29 10:27:53,283: ICMP ping round trip time: 0.7300 ms
INFO, 2017-03-29 10:27:53,283: Latency is within the boundaries.
INFO, 2017-03-29 10:27:54,296: SSH session to initramfs established.
INFO, 2017-03-29 10:27:54,296: Running SSH based checkers: ChecksumChecker, AuthenticatedLatencyChecker
INFO, 2017-03-29 10:27:57,487: Checksums match the trusted once.
INFO, 2017-03-29 10:27:57,559: Latency to execute a command over SSH and get the response back: 71.6000 ms
INFO, 2017-03-29 10:27:57,560: Trusted latency: 60.256694030762
INFO, 2017-03-29 10:27:57,560: Current latency: 71.61283493041992
Choose one of 'save', 'ignore' (for current run) or anything else to exit: save
INFO, 2017-03-29 10:28:02,739: All 4 checks passed.
INFO, 2017-03-29 10:28:02,820: Passing key for vda3_crypt to host fde-server.example.org-initramfs.
INFO, 2017-03-29 10:28:05,140: Could not retrieve key for vdb3_crypt (host fde-server.example.org-initramfs).
Please enter key for vdb3_crypt (or store it in a vault):
INFO, 2017-03-29 10:28:28,155: Passing key for vdb3_crypt to host fde-server.example.org-initramfs.
INFO, 2017-03-29 10:28:43,322: System should be booting now.

The host fde-server.example.org-initramfs was defined in the SSH configuration ~/.ssh/config, and the key for vda3_crypt was provided in /home/user/.config/fdeunlock/keys/fde-server.example.org-initramfs_vda3_crypt.key. Finally, the start command was configured in /home/user/.config/fdeunlock/config.cfg.
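
The log above runs checksum and latency checks before any key is passed to the host. The following is an added example of that gate, not fdeunlock's own code: it compares `sha256sum` output against a trusted baseline and refuses to release the key on any deviation. The function names, the initramfs paths, the digests and the 15% latency tolerance are all assumptions made for illustration.

```python
import hmac

def parse_sha256sum(text):
    """Parse `sha256sum` output ("<hex digest>  <path>") into {path: digest}."""
    sums = {}
    for line in text.strip().splitlines():
        digest, path = line.split(maxsplit=1)
        sums[path.lstrip("*")] = digest.lower()  # "*" marks binary mode
    return sums

def checksum_findings(trusted, current):
    """Return one finding per file that differs from the trusted baseline."""
    findings = []
    for path in sorted(set(trusted) | set(current)):
        if path not in current:
            findings.append(f"missing: {path}")
        elif path not in trusted:
            findings.append(f"unexpected: {path}")
        elif not hmac.compare_digest(trusted[path], current[path]):
            findings.append(f"changed: {path}")
    return findings

def latency_within(trusted_ms, current_ms, tolerance=0.15):
    """True if the deviation from the baseline is at most `tolerance` (assumed 15%)."""
    return abs(current_ms - trusted_ms) <= tolerance * trusted_ms

def may_release_key(trusted_sums, current_sums, trusted_ms, current_ms):
    """Return (ok, reasons); ok is True only when every check passes."""
    reasons = checksum_findings(trusted_sums, current_sums)
    if not latency_within(trusted_ms, current_ms):
        reasons.append(f"latency {current_ms:.1f} ms vs trusted {trusted_ms:.1f} ms")
    return (not reasons, reasons)

# Constructed sample data: digests and initramfs paths are made up for illustration.
TRUSTED = parse_sha256sum(f"{'a' * 64}  /init\n{'b' * 64}  /sbin/cryptsetup\n")
CURRENT = parse_sha256sum(f"{'a' * 64}  /init\n{'c' * 64}  /sbin/cryptsetup\n")

if __name__ == "__main__":
    # Latency values are the trusted/current figures from the log above.
    ok, reasons = may_release_key(TRUSTED, CURRENT, 60.256694030762, 71.61283493041992)
    print("release key" if ok else "do NOT release key:", reasons)
```

A failed gate returns every reason at once, so an operator sees a changed file and a latency deviation together instead of fixing one and rerunning.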

Repositories

Documentation

Authors

License

GNU Affero General Public License v3 (AGPL-3.0)

Download files

Source Distributions

No source distribution files available for this release.

Built Distribution

fdeunlock-0.7.0-py3-none-any.whl (18.5 kB)

Uploaded Python 3
