Verschlüsseltes System über SSH installieren
von dmant- SNIPPET_TEXT:
-
- cfdisk /dev/sda
- root@rescue:~# mkfs.ext4 -L boot /dev/sda1
- mke2fs 1.42.12 (29-Aug-2014)
- Creating filesystem with 512000 1k blocks and 128016 inodes
- Filesystem UUID: 45b6d998-58ee-4a89-a3a7-e8530d22d9f4
- Superblock backups stored on blocks:
- 8193, 24577, 40961, 57345, 73729, 204801, 221185, 401409
- Allocating group tables: done
- Writing inode tables: done
- Creating journal (8192 blocks): done
- Writing superblocks and filesystem accounting information: done
- root@rescue:~# cryptsetup -s 512 -h sha512 -c aes-xts-plain64 luksFormat /dev/sda2
- WARNING!
- ========
- This will overwrite data on /dev/sda2 irrevocably.
- Are you sure? (Type uppercase yes): YES
- Enter passphrase:
- Verify passphrase:
- root@rescue:~#
- root@rescue:~# cryptsetup luksOpen /dev/sda2 root_secure
- Enter passphrase for /dev/sda2:
- root@rescue:~# pvcreate /dev/mapper/root_secure
- Physical volume "/dev/mapper/root_secure" successfully created
- root@rescue:~# vgcreate vgdebian /dev/mapper/root_secure
- Volume group "vgdebian" successfully created
- root@rescue:~# lvcreate -L 1000M -n swap vgdebian
- Logical volume "swap" created
- root@rescue:~# lvcreate -l 100%FREE -n root vgdebian
- Logical volume "root" created
- root@rescue:~#
- root@rescue:~# mkswap /dev/mapper/vgdebian-swap -L swap
- Setting up swapspace version 1, size = 1023996 KiB
- LABEL=swap, UUID=8f5952d3-c995-4e98-97c4-XXXXXXXXXX
- root@rescue:~# mkfs.ext4 /dev/mapper/vgdebian-root -L root
- mke2fs 1.42.12 (29-Aug-2014)
- Creating filesystem with 4985856 4k blocks and 1248480 inodes
- Filesystem UUID: 8551b950-8f5a-490f-847b-6ca79fdbc90c
- Superblock backups stored on blocks:
- 32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
- 4096000
- Allocating group tables: done
- Writing inode tables: done
- Creating journal (32768 blocks): done
- Writing superblocks and filesystem accounting information: done
- root@rescue:~#
- root@rescue:~# mkdir /target
- root@rescue:~# mount /dev/mapper/vgdebian-root /target
- root@rescue:~# mkdir /target/boot
- root@rescue:~# mount /dev/sda1 /target/boot
- root@rescue:~# swapon /dev/mapper/vgdebian-swap
- root@rescue:~# debootstrap --arch amd64 jessie /target/ http://ftp.de.debian.org/debian
- I: Retrieving Release
- I: Retrieving Release.gpg
- I: Checking Release signature
- I: Valid Release signature (key id 75DDC3C4A499F1A18CB5F3C8CBF8D6FD518E17E1)
- I: Retrieving Packages
- I: Validating Packages
- I: Resolving dependencies of required packages...
- I: Resolving dependencies of base packages...
- .......
- .......
- .......
- I: Base system installed successfully.
- root@rescue:~#
- root@rescue:~# mount -t proc none /target/proc
- root@rescue:~# mount -o bind /dev /target/dev
- root@rescue:~# mount -t tmpfs none /target/tmp
- root@rescue:~# mount -o bind /sys /target/sys
- root@rescue:~# chroot /target /bin/bash
- root@rescue:/#
- root@rescue:/# mkdir -p /boot/grub
- root@rescue:/# passwd
- Enter new UNIX password:
- Retype new UNIX password:
- passwd: password updated successfully
- root@rescue:/#
- root@rescue:/# apt-get update && apt-get upgrade -y && apt-get install aptitude
- root@rescue:/# aptitude install locales && dpkg-reconfigure locales
- root@rescue:/# dpkg-reconfigure tzdata
- root@rescue:/# aptitude install linux-image-amd64
- root@rescue:/# aptitude install ssh grub pciutils psmisc cryptsetup pwgen xfsprogs xfsdump lvm2 -y
- root@rescue:/# cat /etc/fstab
- /dev/mapper/vgdebian-root / ext4 errors=remount-ro 0 1
- /dev/sda1 /boot ext4 re,nosuid,nodev 0 2
- /dev/mapper/vgdebian-swap none swap sw 0 0
- root@rescue:/#
- root@rescue:/# cat /etc/crypttab
- secure_root UUID=ea50e68c-54cb-453d-ae3d-XXXXXXX none luks
- root@rescue:/#
Quellcode
Hier kannst du den Code kopieren und ihn in deinen bevorzugten Editor einfügen. PASTEBIN_DOWNLOAD_SNIPPET_EXPLAIN