Comments on HOWTO: Unlock A LUKS Encrypted Root Partition Via SSH On Ubuntu
HOWTO: Unlock A LUKS Encrypted Root Partition Via SSH On Ubuntu Fully encrypted systems prevent others from getting your data from physical access. The rationale behind the encryption of a complete system is that you don't have worry about what you encrypt and what not, because everything (except for the /boot) partition will be encrypted. However the problem I have encountered so far is, how could I reboot my computer from afar? I would be required to be in front of the computer and enter the password. I have wondered this far how I could reboot the computer remotely.
12 Comment(s)
Comments
Warning: If you issue the command
sudo passwd -l root
you will not be able run Cron jobs as user root or add new users.You will see "Authentication failure" messages in your syslog because the root account is marked as expired.
To fix this you have to edit your shadow file manually:
sudo vi /etc/shadow
Change the line similar to:
root:!:13919:0:99999:7::1:
toroot:!:13919:0:99999:7:::
I'm having issues getting this working on Ubuntu Lucid 10.04 Server. I get to the point where dropbear ssh runs and it asks for a password, but it does not accept it. I've tried my user and root. Can you write up a how to for Lucid Server?
-Chris
You need to change the option in /boot/grub/menu.lst to disable the splash screen, otherwise it will not allow you to ssh to the server
kernel /vmlinuz-2.6.24-19-generic root=/dev/mapper/sda4_crypt ro quiet splash
remove the "quiet splash" after the file system, or I changed mine to "ro quiet nosplash vga=790" I assume removing it works too
That one option cost me about 1 1/2 hours because the system just boots up normal and it seems like you did something wrong, when actually it is working but GDM (I think) has started before the ssh server can so you have to enter in the password locally.
This is a patch for mkinitrd that will let you ssh with your root account and unlock the box
I threw in some addition tools , like scp, ssh, rsync, badblocks, shred
you can remove/add more tools by editing the variable extratools="" in the script ...
it will auto insert the libs dependency needed for running the tools in the initrd archive
--- /sbin/mkinitrd 2009-09-03 19:58:30.000000000 -0400
+++ ./mkinitrd 2010-04-28 02:27:07.000000000 -0400
@@ -119,7 +119,7 @@
cmd=error
fi
- $cmd "usage: `basename $0` [--version] [--help] [-v] [-f] [--preload <module>]"
+ $cmd "usage: `basename $0` [--version] [--help] [-v] [-f] [--preload <module>] [--with-dropbear]"
$cmd " [--force-ide-probe] [--force-scsi-probe | --omit-scsi-modules]"
$cmd " [--image-version] [--force-raid-probe | --omit-raid-modules]"
$cmd " [--with=<module>] [--force-lvm-probe | --omit-lvm-modules]"
@@ -921,6 +921,10 @@
withfips=1
;;
+ --with-dropbear)
+ dropbear=1
+ ;;
+
--with-usb*)
if [ "$1" != "${1##--with-usb=}" ]; then
usbmodule=${1##--with-usb=}
@@ -1024,6 +1028,7 @@
--net-dev*)
if [ "$1" != "${1##--net-dev=}" ]; then
PREINTERFACES="$PREINTERFACES ${1##--net-dev=}"
+ dropbear_int=1
else
PREINTERFACES="$PREINTERFACES $2"
shift
@@ -1133,6 +1138,12 @@
exit 1
fi
+if [ -n "$dropbear" -a -z "$dropbear_int" ]; then
+ error "Can't enable dropbear without specifying: [--net-dev=<interface>]"
+ exit 1
+fi
+
+
if [ ! -d /lib/modules/$kernel ]; then
error 'No modules available for kernel "'${kernel}'".'
exit 1
@@ -1383,6 +1394,11 @@
echo $NONL "$@" >> $RCFILE
}
+emitdropbear()
+{
+ echo "$@" >> $MNTIMAGE/bin/unlock
+}
+
use_multipath=0
use_emc=0
use_xdr=0
@@ -1714,6 +1730,7 @@
set +e
fi
+
echo -n >| $RCFILE
cemit << EOF
#!/bin/nash
@@ -1827,37 +1844,128 @@
emit "cryptsetup luksOpen $1 $2"
}
+emitcryptodb()
+{
+ emitdropbear "echo Setting up disk encryption: $1"
+ emitdropbear "cryptsetup luksOpen $1 $2"
+}
+
+
if [ -n "$KEYMAP" -a -n "$LOADKEYS" ]; then
emit "echo Loading keymap."
emit "$LOADKEYS $KEYMAP"
fi
-for cryptdev in ${!cryptopart@} ; do
- emitcrypto `eval echo '$'$cryptdev`
-done
-
-if [ -n "$raiddevices" ]; then
- for dev in $raiddevices; do
- cp -a /dev/${dev} $MNTIMAGE/dev
- emit "raidautorun /dev/${dev}"
- done
-fi
+cryptoblock()
+{
+ catfun1="$1"
+ catfun2="$2"
+ for cryptdev in ${!cryptopart@} ; do
+ "$catfun2" `eval echo '$'$cryptdev`
+ done
+
+ if [ -n "$raiddevices" ]; then
+ for dev in $raiddevices; do
+ cp -a /dev/${dev} $MNTIMAGE/dev
+ "$catfun1" "raidautorun /dev/${dev}"
+ done
+ fi
+
+ for cryptdev in ${!cryptoraid@} ; do
+ "$catfun2" `eval echo '$'$cryptdev`
+ done
+
+ if [ -n "$vg_list" ]; then
+ "$catfun1" "echo Scanning logical volumes"
+ "$catfun1" "lvm vgscan --ignorelockingfailure"
+ "$catfun1" "echo Activating logical volumes"
+ "$catfun1" "lvm vgchange -ay --ignorelockingfailure $vg_list"
+ fi
+
+ for cryptdev in ${!cryptolv@} ; do
+ "$catfun2" `eval echo '$'$cryptdev`
+ done
+}
-for cryptdev in ${!cryptoraid@} ; do
- emitcrypto `eval echo '$'$cryptdev`
-done
+if [ "$dropbear" = 1 ]; then
+ set -e
+ echo "#!/bin/ash" > $MNTIMAGE/bin/unlock
+ chmod +x $MNTIMAGE/bin/unlock
+ cryptoblock "emitdropbear" "emitcryptodb"
+ dropbearconvert openssh dropbear /etc/ssh/ssh_host_rsa_key /etc/dropbear/dropbear_rsa_host_key 2>/dev/null
+ dropbearconvert openssh dropbear /etc/ssh/ssh_host_dsa_key /etc/dropbear/dropbear_dss_host_key 2>/dev/null
+ mkdir -p $MNTIMAGE/etc/dropbear
+ cat > $MNTIMAGE/etc/dropbear/banner << 'EOF'
+
+ To unlock root-partition run
+ unlock
+ 'killall cryptopause' to resume loading the system...
-if [ -n "$vg_list" ]; then
- emit "echo Scanning logical volumes"
- emit "lvm vgscan --ignorelockingfailure"
- emit "echo Activating logical volumes"
- emit "lvm vgchange -ay --ignorelockingfailure $vg_list"
+EOF
+ cat > $MNTIMAGE/bin/cryptopause << 'EOF'
+#!/bin/ash
+echo Type "unlock" and press enter to put in passphrase:
+/bin/ash
+EOF
+ extratools="/usr/bin/shred /sbin/badblocks /usr/bin/rsync /usr/bin/scp /usr/bin/ssh"
+ chmod +x $MNTIMAGE/bin/cryptopause
+ inst /usr/sbin/dropbear $MNTIMAGE/bin/dropbear
+ inst /sbin/busybox $MNTIMAGE/bin/busybox
+ inst /bin/login $MNTIMAGE/bin/login
+ inst /usr/bin/passwd $MNTIMAGE/usr/bin/passwd
+ inst /sbin/rmmod $MNTIMAGE/bin/rmmod
+ inst /etc/dropbear/dropbear_dss_host_key $MNTIMAGE/etc/dropbear/dropbear_dss_host_key
+ inst /etc/dropbear/dropbear_rsa_host_key $MNTIMAGE/etc/dropbear/dropbear_rsa_host_key
+ inst /etc/nsswitch.conf $MNTIMAGE/etc/nsswitch.conf
+ inst /etc/localtime $MNTIMAGE/etc/localtime
+ inst /etc/resolv.conf $MNTIMAGE/etc/resolv.conf
+ inst /etc/host.conf $MNTIMAGE/etc/host.conf
+ inst /etc/hosts $MNTIMAGE/etc/hosts
+ cp -pr /etc/passwd $MNTIMAGE/etc/passwd
+ cp -pr /etc/shadow $MNTIMAGE/etc/shadow
+ cp -pr /etc/group $MNTIMAGE/etc/group
+ grep ^root /etc/passwd | sed s/\\/bash/\\/ash/ > $MNTIMAGE/etc/passwd
+ grep ^root /etc/shadow > $MNTIMAGE/etc/shadow
+ grep ^root /etc/group > $MNTIMAGE/etc/group
+ echo /bin/ash > $MNTIMAGE/etc/shells
+ [ -d /root ] || mkdir --mode=0700 /root
+ [ -f /root/.ssh/authorized_keys ] && inst /root/.ssh/authorized_keys $MNTIMAGE/root/.ssh/authorized_keys
+ for tools in ifconfig route killall ash hostname mv rm; do
+ ln -s /sbin/busybox $MNTIMAGE/sbin/$tools
+ done
+ for tool in $extratools; do
+ inst $tool ${MNTIMAGE}${tool}
+ done
+ for i in $(ldd /usr/sbin/dropbear $extratools| awk '{if (NF==4) print $3; if (NF==2) print $1}') ; do
+ grep -q $i <<<$libs && continue
+ libs="$libs $i"
+ done
+ if echo "$libs" | grep -q lib64; then
+ libdir="lib64"
+ else
+ libdir="lib"
+ fi
+ for i in /${libdir}/{libnss_compat.so.2,libnss_files.so.2,libnss_dns.so.2,libresolv.so.2,libtermcap.so.2,libdl.so.2} ; do
+ grep -q $i <<<$libs && continue
+ libs="$libs $i"
+ done
+ for lib in $libs; do
+ basename=$(basename $lib)
+ while [ -L $lib ]; do
+ lib=$(readlink $lib)
+ done
+ inst $lib $MNTIMAGE${lib%/*}/$basename
+ done
+ inst /etc/ld.so.cache $MNTIMAGE/etc/ld.so.cache
+ emit "echo Starting dropbear"
+ emit "/bin/dropbear -b /etc/dropbear/banner"
+ emit "/bin/cryptopause"
+ emit "killall dropbear"
+ set +e
+else
+ cryptoblock "emit" "emitcrypto"
fi
-for cryptdev in ${!cryptolv@} ; do
- emitcrypto `eval echo '$'$cryptdev`
-done
-
if [ -z "$noresume" -a -n "$swsuspdev" ]; then
emit "resume $swsuspdev"
fi
Thanks for this great patch, I consider it very usefull for me.
But during testing one error occured:
Lets have configuration:
RAID ( LUKS_ENCRYPTED ( LVM ( /, /var, /home )))
Using patched mkinitrd won't boot because raidautorun is started from /bin/unlock script what is obviously wrong, because raidautorun is internal command for nash.
there are two obvious solutions for this:
1. edit script to emit raidautorun statement to /init script ( nash will interpret it ) - my solution
2. use busybox version where is raidautorun compiled in + add symlink to bin under raidautorun - this won't work, raidautodetect called from busybox is unable to detect raid volume. Calling raidautodetect as nash command will detect it. ( dont add any raidautorun to /bin - it will override nash internal command )
sometimes busybox is missing library, it is good idea to browse dependencies for busybox in mkinitrd as it does for other tools
patch for patched mkinitrd from above:
<code>
--- mkinitrd 2010-06-28 01:51:10.137349671 +0200
+++ mkinitrd_new 2010-06-28 01:52:40.000000000 +0200
@@ -1906,7 +1906,7 @@
if [ -n "$raiddevices" ]; then
for dev in $raiddevices; do
cp -a /dev/${dev} $MNTIMAGE/dev
- "$catfun1" "raidautorun /dev/${dev}"
+ emit "raidautorun /dev/${dev}"
done
fi
@@ -1975,7 +1975,7 @@
for tool in $extratools; do
inst $tool ${MNTIMAGE}${tool}
done
- for i in $(ldd /usr/sbin/dropbear $extratools| awk '{if (NF==4) print $3; if (NF==2) print $1}') ; do
+ for i in $(ldd /usr/sbin/dropbear /sbin/busybox $extratools| awk '{if (NF==4) print $3; if (NF==2) print $1}') ; do
grep -q $i <<<$libs && continue
libs="$libs $i"
done
</code>
This portion of the patch
<code>
--- mkinitrd 2010-06-28 01:51:10.137349671 +0200
+++ mkinitrd_new 2010-06-28 01:52:40.000000000 +0200
@@ -1975,7 +1975,7 @@
for tool in $extratools; do
inst $tool ${MNTIMAGE}${tool}
done
- for i in $(ldd /usr/sbin/dropbear $extratools| awk '{if (NF==4) print $3; if (NF==2) print $1}') ; do
+ for i in $(ldd /usr/sbin/dropbear /sbin/busybox $extratools| awk '{if (NF==4) print $3; if (NF==2) print $1}') ; do
grep -q $i <<<$libs && continue
libs="$libs $i"
done
</code>
fails if busybox is statically build
ldd /usr/sbin/dropbear /sbin/busybox
/usr/sbin/dropbear:
...
/sbin/busybox:
not a dynamic executable
This leads to
+ for i in '$(ldd /usr/sbin/dropbear /sbin/busybox $extratools| awk '\''{if (NF==4) print $3; if (NF==2) print $1}'\'')'
+ grep -q dynamic
+ libs=' /lib64/libutil.so.1 /usr/lib64/libz.so.1 /lib64/libcrypt.so.1 /lib64/libc.so.6 /lib64/ld-linux-x86-64.so.2 dynamic'
which results in this error
+ for lib in '$libs'
basename $lib
++ basename dynamic
+ basename=dynamic
+ '[' -L dynamic ']'
+ inst dynamic /tmp/initrd.X15298dynamic/dynamic
+ '[' 2 '!=' 2 ']'
+ vecho 'dynamic -> /tmp/initrd.X15298dynamic/dynamic'
+ NONL=
+ '[' 'dynamic -> /tmp/initrd.X15298dynamic/dynamic' == -n ']'
+ '[' -n '' ']'
dirname $2
++ dirname /tmp/initrd.X15298dynamic/dynamic
+ mkdir -p /tmp/initrd.X15298dynamic
+ cp dynamic /tmp/initrd.X15298dynamic/dynamic
cp: cannot stat `dynamic': No such file or directory
and mkinitrd fails. The solution is to do not apply this portion patch if the busybox is statically build or correct it to account for it. Thanks for all the work you guys did!
Since Ubuntu 10.04 the above script will no longer work. The feature to unlock a root partition via ssh has been integrated into the distribution. If there is a LUKS encrypted root partition, then there will automatically be a dropbear ssh server and a busybox running, and the network is set up using DHCP.
By default, you can connect to the SSH server as root using the private key in the file /etc/initramfs-tools/root/.ssh/id_rsa
The root partition can be unlocked by issuing the command:echo -n "Passphrase" > /lib/cryptsetup/passfifo
... if there wasn't the new boot screen plymouth that was introduced with 10.04
The following script is a major modification of the above. Like the original, it will allow you to connect via ssh and unlock the filesystem by simply typing unlock. Additionally, you can use private key, password-based authentication or both. Just follow the instructions at the top (tested with Ubuntu 10.10 server, should work with 10.04 as well):
#!/bin/bash # We add dropbear to the initrd to be able # mount crypted partitions from remote # copyright Wulf Coulmann # GNU GPL # http://www.gnu.org/licenses/gpl.html # # Download me here: http://gpl.coulmann.de/dropbear # get infos about this script here: # http://gpl.coulmann.de/ssh_luks_unlock.html # Modified by Anonymous 2008 # Modified By Geoffroy RABOUIN 26/05/2008 # Modified by hyper_ch 15/06/2008 # Modified by infinity_dev 06/10/2010 ### INSTRUCTIONS FOR UBUNTU 10.04 AND ABOVE ### # Prerequisites: cryptsetup and an encrypted root disk # 0. Install dropbear: # ~# sudo apt-get install dropbear # 1. You can access the ssh server by private key and/or password # Private key: Copy the default ssh private key from # /etc/initramfs-tools/root/.ssh/id_rsa to your local computer, e.g.: # ~# scp user@server:/etc/initramfs-tools/root/.ssh/id_rsa ~/ # Or put your own key in /etc/initramfs-tools/root/.ssh/authorized_keys # Note: If you use PuTTY as ssh client, convert the key with PuTTYgen (snapshot) # Password: Alternatively, set a password for user root to allow password-based login # before updating your initrd image in step 5. # 2. Copy contents of this script to /etc/initramfs-tools/hooks/dropbear # 3. Save the script and make it executable: # ~# sudo chmod +x /etc/initramfs-tools/hooks/dropbear # 4. Comment the lines in /usr/share/initramfs-tools/scripts/local-top/cryptroot # like this to prevent the password prompt from going through plymouth: # # if [ -z "$cryptkeyscript" ]; then # cryptkey="Unlocking the disk $cryptsource ($crypttarget)\nEnter passphrase: " # #if [ -x /bin/plymouth ] && plymouth --ping; then # # cryptkeyscript="plymouth ask-for-password --prompt" # # cryptkey=$(echo -e "$cryptkey") # #else # cryptkeyscript="/lib/cryptsetup/askpass" # #fi # fi # 5. Create new default initrd: # ~# sudo update-initramfs -u # Alternatively, you can follow steps 4 and 5 of the original howto if you # don't want to override the initrd installed by Ubuntu. # You might also want to replace the boot parameter `splash` by `noplymouth` # in your /boot/grub/menu.lst boot menu entry # 6. Reboot, connect via SSH and use the `unlock` command PREREQ="" prereqs() { echo "$PREREQ" } case $1 in prereqs) prereqs exit 0 ;; esac # Begin real processing below this line # load the prepared functions of debians initramfs enviroment source /usr/share/initramfs-tools/hook-functions # build the directories if not present DIRS='/lib /bin /usr/bin /usr/sbin/ /proc/ /root/.ssh/ /var/ /var/run/ /etc/dropbear/' for now in $DIRS ; do if [ ! -e ${DESTDIR}$now ] then mkdir -p ${DESTDIR}$now fi done # copy some used tools copy_exec /usr/bin/killall /usr/bin/ copy_exec /usr/bin/awk /usr/bin/ copy_exec /usr/bin/wc /usr/bin/ # copy authentication files cp -pr /etc/passwd ${DESTDIR}/etc/ cp -pr /etc/shadow ${DESTDIR}/etc/ cp -pr /etc/group ${DESTDIR}/etc/ # we don't have bash in our initrd # also we only want the root account cat /etc/passwd | grep root | sed s/\\/bash/\\/sh/ > ${DESTDIR}/etc/passwd cat /etc/shadow | grep root > ${DESTDIR}/etc/shadow cat /etc/group | grep root > ${DESTDIR}/etc/group # Set unlock help as MOTD cat >${DESTDIR}/etc/motd << 'EOF' To unlock root-partition run unlock EOF # script to unlock luks via ssh cat >${DESTDIR}/usr/bin/unlock << 'EOF' #!/bin/sh /lib/cryptsetup/askpass "Enter volume password: " > /lib/cryptsetup/passfifo EOF chmod 700 ${DESTDIR}/usr/bin/unlock # make sure we exit dropbear at the end of the startup process cat >${DESTDIR}/scripts/local-bottom/rm_dropbear << 'EOF' #!/bin/sh PREREQ="" prereqs() { echo "" } case $1 in prereqs) prereqs exit 0 ;; esac # Begin real processing below this line # we kill dropbear ssh-server /usr/bin/killall dropbear EOF chmod 700 ${DESTDIR}/scripts/local-bottom/rm_dropbear
infinity_dev, could you post the modified script in a readable form?
Thanks, Martin
I created a stripped down version of his hook script, and splitted the cryptsetup and dropbear part:
- hook script "cryptroot_unlock"
- local_bottom script "dropbear_kill_clients"
I created a stripped-down versions of the script and separted the cryptsetup and dropbear part:
- hook script "cryptroot_unlock"
- local bottom script "dropbear_kill_clients"
Extra stuff like copying user passwords has been removed, as this exposes valuable data. It is recommend to use public key authentication only.
Maddes
#!/bin/bash # We add dropbear to the initrd to be able # mount crypted partitions from remote # copyright Wulf Coulmann # GNU GPL # http://www.gnu.org/licenses/gpl.html # # Download me here: http://gpl.coulmann.de/dropbear # get infos about this script here: # http://gpl.coulmann.de/ssh_luks_unlock.html # Modified by Anonymous 2008 # Modified By Geoffroy RABOUIN 26/05/2008 # Modified by hyper_ch 15/06/2008 # Modified by infinity_dev 06/10/2010 ### INSTRUCTIONS FOR UBUNTU 10.04 AND ABOVE ### # Prerequisites: cryptsetup and an encrypted root disk # 0. Install dropbear: # ~# sudo apt-get install dropbear # 1. You can access the ssh server by private key and/or password # Private key: Copy the default ssh private key from # /etc/initramfs-tools/root/.ssh/id_rsa to your local computer, e.g.: # ~# scp user@server:/etc/initramfs-tools/root/.ssh/id_rsa ~/ # Or put your own key in /etc/initramfs-tools/root/.ssh/authorized_keys # Note: If you use PuTTY as ssh client, convert the key with PuTTYgen (snapshot) # Password: Alternatively, set a password for user root to allow password-based login # before updating your initrd image in step 5. # 2. Copy contents of this script to /etc/initramfs-tools/hooks/dropbear # 3. Save the script and make it executable: # ~# sudo chmod +x /etc/initramfs-tools/hooks/dropbear # 4. Comment the lines in /usr/share/initramfs-tools/scripts/local-top/cryptroot # like this to prevent the password prompt to go through plymouth: # # if [ -z "$cryptkeyscript" ]; then # cryptkey="Unlocking the disk $cryptsource ($crypttarget)\nEnter passphrase: " # #if [ -x /bin/plymouth ] && plymouth --ping; then # # cryptkeyscript="plymouth ask-for-password --prompt" # # cryptkey=$(echo -e "$cryptkey") # #else # cryptkeyscript="/lib/cryptsetup/askpass" # #fi # fi # 5. Create new default initrd: # ~# sudo update-initramfs -u # Alternatively, you can follow steps 4 and 5 of the original howto if you # don't want to override the initrd installed by Ubuntu. # You might also want to replace the boot parameter `splash` by `noplymouth` # in your /boot/grub/menu.lst boot menu entry # 6. Reboot, connect via SSH and use the `unlock` command PREREQ="" prereqs() { echo "$PREREQ" } case $1 in prereqs) prereqs exit 0 ;; esac # Begin real processing below this line # load the prepared functions of debians initramfs enviroment source /usr/share/initramfs-tools/hook-functions # build the directories if not present DIRS='/lib /bin /usr/bin /usr/sbin/ /proc/ /root/.ssh/ /var/ /var/run/ /etc/dropbear/' for now in $DIRS ; do if [ ! -e ${DESTDIR}$now ] then mkdir -p ${DESTDIR}$now fi done # copy some files copy_exec /usr/bin/killall /usr/bin/ copy_exec /usr/bin/awk /usr/bin/ copy_exec /usr/bin/wc /usr/bin/ # copy authentication files cp -pr /etc/passwd ${DESTDIR}/etc/ cp -pr /etc/shadow ${DESTDIR}/etc/ cp -pr /etc/group ${DESTDIR}/etc/ # we don't have bash in our initrd # also we only want the root account cat /etc/passwd | grep root | sed s/\\/bash/\\/sh/ > ${DESTDIR}/etc/passwd cat /etc/shadow | grep root > ${DESTDIR}/etc/shadow cat /etc/group | grep root > ${DESTDIR}/etc/group # Set unlock help as MOTD cat >${DESTDIR}/etc/motd << 'EOF' To unlock root-partition run unlock EOF # script to unlock luks via ssh cat >${DESTDIR}/usr/bin/unlock << 'EOF' #!/bin/sh /lib/cryptsetup/askpass "Enter volume password: " > /lib/cryptsetup/passfifo EOF chmod 700 ${DESTDIR}/usr/bin/unlock # make sure we exit dropbear at the end of the startup process cat >${DESTDIR}/scripts/local-bottom/rm_dropbear << 'EOF' #!/bin/sh PREREQ="" prereqs() { echo "" } case $1 in prereqs) prereqs exit 0 ;; esac # Begin real processing below this line # we kill dropbear ssh-server /usr/bin/killall dropbear EOF chmod 700 ${DESTDIR}/scripts/local-bottom/rm_dropbear
I am observing problem with the script in the manual with latest ubuntu server (11.04). I am getting to the point that i can successfully login into the dropbear service, but the command unlock is giving me the error that in can not load modprobe.
I have tried to reboot and then enter :
echo -n "Passphrase" > /lib/cryptsetup/passfifo
but this is not returning enything.
Can someone post en example of unlocking the system. Or at least the procedure how it should look like so we can compare what is wrong.
Thanks in advance,
Tito