NoPaste

Verschlüsseltes System über SSH installieren

von dmant

SNIPPET_TEXT:
  1. cfdisk /dev/sda
  2.  
  3. root@rescue:~# mkfs.ext4 -L boot /dev/sda1
  4.  
  5. mke2fs 1.42.12 (29-Aug-2014)
  6. Creating filesystem with 512000 1k blocks and 128016 inodes
  7. Filesystem UUID: 45b6d998-58ee-4a89-a3a7-e8530d22d9f4
  8. Superblock backups stored on blocks:
  9.         8193, 24577, 40961, 57345, 73729, 204801, 221185, 401409
  10.  
  11. Allocating group tables: done                            
  12. Writing inode tables: done                            
  13. Creating journal (8192 blocks): done
  14. Writing superblocks and filesystem accounting information: done
  15.  
  16. root@rescue:~# cryptsetup -s 512 -h sha512 -c aes-xts-plain64 luksFormat /dev/sda2
  17.  
  18. WARNING!
  19. ========
  20. This will overwrite data on /dev/sda2 irrevocably.
  21.  
  22. Are you sure? (Type uppercase yes): YES
  23. Enter passphrase:
  24. Verify passphrase:
  25.  
  26. root@rescue:~#
  27.  
  28. root@rescue:~# cryptsetup luksOpen /dev/sda2 root_secure
  29. Enter passphrase for /dev/sda2:
  30.  
  31. root@rescue:~# pvcreate /dev/mapper/root_secure
  32.   Physical volume "/dev/mapper/root_secure" successfully created
  33.  
  34. root@rescue:~# vgcreate vgdebian /dev/mapper/root_secure
  35.   Volume group "vgdebian" successfully created
  36.  
  37. root@rescue:~# lvcreate -L 1000M -n swap vgdebian
  38.   Logical volume "swap" created
  39.  
  40. root@rescue:~# lvcreate -l 100%FREE -n root vgdebian
  41.   Logical volume "root" created
  42.  
  43. root@rescue:~#
  44.  
  45. root@rescue:~# mkswap /dev/mapper/vgdebian-swap -L swap
  46. Setting up swapspace version 1, size = 1023996 KiB
  47. LABEL=swap, UUID=8f5952d3-c995-4e98-97c4-XXXXXXXXXX
  48.  
  49. root@rescue:~# mkfs.ext4 /dev/mapper/vgdebian-root -L root
  50. mke2fs 1.42.12 (29-Aug-2014)
  51. Creating filesystem with 4985856 4k blocks and 1248480 inodes
  52. Filesystem UUID: 8551b950-8f5a-490f-847b-6ca79fdbc90c
  53. Superblock backups stored on blocks:
  54.         32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
  55.         4096000
  56.  
  57. Allocating group tables: done
  58. Writing inode tables: done
  59. Creating journal (32768 blocks): done
  60. Writing superblocks and filesystem accounting information: done
  61.  
  62. root@rescue:~#
  63.  
  64. root@rescue:~# mkdir /target
  65. root@rescue:~# mount /dev/mapper/vgdebian-root /target
  66. root@rescue:~# mkdir /target/boot
  67. root@rescue:~# mount /dev/sda1 /target/boot
  68. root@rescue:~# swapon /dev/mapper/vgdebian-swap
  69.  
  70. root@rescue:~# debootstrap --arch amd64 jessie /target/ http://ftp.de.debian.org/debian
  71. I: Retrieving Release
  72. I: Retrieving Release.gpg
  73. I: Checking Release signature
  74. I: Valid Release signature (key id 75DDC3C4A499F1A18CB5F3C8CBF8D6FD518E17E1)
  75. I: Retrieving Packages
  76. I: Validating Packages
  77. I: Resolving dependencies of required packages...
  78. I: Resolving dependencies of base packages...
  79. .......
  80. .......
  81. .......
  82. I: Base system installed successfully.
  83. root@rescue:~#
  84.  
  85.  
  86. root@rescue:~# mount -t proc none /target/proc
  87. root@rescue:~# mount -o bind /dev /target/dev
  88. root@rescue:~# mount -t tmpfs none /target/tmp
  89. root@rescue:~# mount -o bind /sys /target/sys
  90. root@rescue:~# chroot /target /bin/bash
  91. root@rescue:/#
  92.  
  93. root@rescue:/# mkdir -p /boot/grub      
  94. root@rescue:/# passwd
  95. Enter new UNIX password:
  96. Retype new UNIX password:
  97. passwd: password updated successfully
  98. root@rescue:/#
  99.  
  100. root@rescue:/# apt-get update && apt-get upgrade -y && apt-get install aptitude
  101.  
  102. root@rescue:/# aptitude install locales && dpkg-reconfigure locales
  103.  
  104. root@rescue:/# dpkg-reconfigure tzdata
  105.  
  106. root@rescue:/# aptitude install linux-image-amd64
  107.  
  108. root@rescue:/# aptitude install ssh grub pciutils psmisc cryptsetup pwgen xfsprogs xfsdump lvm2 -y
  109.  
  110. root@rescue:/# cat /etc/fstab
  111. /dev/mapper/vgdebian-root       /       ext4    errors=remount-ro       0       1
  112. /dev/sda1                       /boot   ext4    re,nosuid,nodev         0       2
  113. /dev/mapper/vgdebian-swap       none    swap    sw                      0       0
  114. root@rescue:/#
  115.  
  116. root@rescue:/# cat /etc/crypttab
  117. secure_root     UUID=ea50e68c-54cb-453d-ae3d-XXXXXXX       none    luks
  118. root@rescue:/#

Quellcode

Hier kannst du den Code kopieren und ihn in deinen bevorzugten Editor einfügen. PASTEBIN_DOWNLOAD_SNIPPET_EXPLAIN