Package: dropbear
Version: 2012.55-1.3
Severity: wishlist

Hi,

When using dropbear to supply rootfs crypto passwords in the initramfs an IP must be configured on the kernel command line in the bootloader.

It can be useful to configure the initramfs with a different network configuration from that the booted system normally uses: omitting the gateway address restricts access to the initramfs to the local LAN, and configuring an IP address which is entirely different from that of the running system gives the initramfs a different identity on the network while waiting for the rootfs crypto password. The latter is useful when managing host keys, which can differ between the initramfs and the running system.

If configuring a static IP address and the gateway address is omitted, the system remains without a gateway address after booting. I didn't try configuring an entirely separate IP number on the kernel command line from that which the system will use when running, but I suspect that, because the interface is already configured when the post-initramfs boot process starts networking, the boot process will not reconfigure the interface and the IP specified on the kernel command line will take precedence over that in /etc/interfaces.

It would be nice if dropbear could be configured to shut down the network interfaces after the rootfs has successfully mounted. This (I believe) would allow the network configuration in the initramfs to be independent of the network configuration of the running system.

I suspect that the way to do this is with a flag in /usr/share/initramfs-tools/conf-hooks.d/dropbear and a script in /usr/share/initramfs-tools/local-bottom/. It may be that the local-bottom script need only execute "ipconfig -c any ::::::all:none", but that's a guess. It's not obvious to me from the docs how to make klibc's ipconfig bring an interface down, if this is possible.

Obviously, this would not be compatible with NFS root mounts.

Regards,

Karl O. Pinc

-- System Information:
Debian Release: 7.1
  APT prefers stable
  APT policy: (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages dropbear depends on:
ii  libc6   2.13-38
ii  zlib1g  1:1.2.7.dfsg-13

dropbear recommends no packages.

Versions of packages dropbear suggests:
ii  openssh-client  1:6.0p1-4
pn  runit           <none>
ii  udev            175-7.2
ii  xauth           1:1.0.7-1

-- no debconf information
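
The shutdown step requested above, sketched as an added example; it is not part of the original report and is not dropbear's or initramfs-tools' own code. It assumes klibc's ipconfig has left `net-<dev>.conf` files containing a `DEVICE='...'` line in a directory (taken here to be /run), that an `ip` applet is present in the initramfs, and the names `NETCONF_DIR` and `APPLY` are hypothetical. It uses `ip` rather than ipconfig to take the interface down and leaves the interfaces alone on an NFS root.

```shell
#!/bin/sh
# Added example: sketch of a local-bottom script (not Debian's own code).
# Assumed: ipconfig left net-<dev>.conf files with a DEVICE='...' line in
# NETCONF_DIR, and an `ip` applet exists in the initramfs. IPv4 only.
PREREQ=""
case "${1:-}" in prereqs) echo "$PREREQ"; exit 0 ;; esac

# Interface names recorded by ipconfig, one per line, loopback excluded.
configured_ifaces() {
    dir=$1
    for conf in "$dir"/net-*.conf; do
        [ -e "$conf" ] || continue
        # Extract DEVICE= with sed instead of sourcing the whole file.
        dev=$(sed -n "s/^DEVICE=['\"]*\([A-Za-z0-9_.-]*\)['\"]*\$/\1/p" "$conf" | head -n 1)
        if [ -n "$dev" ] && [ "$dev" != lo ]; then
            echo "$dev"
        fi
    done
    return 0
}

# Commands that return each interface to an unconfigured, down state.
teardown_plan() {
    configured_ifaces "$1" | while read -r dev; do
        echo "ip -4 addr flush dev $dev"
        echo "ip link set dev $dev down"
    done
}

# True when the kernel command line asks for a network root filesystem.
root_is_network() {
    case " $1 " in
        *" root=/dev/nfs "*|*" nfsroot="*) return 0 ;;
    esac
    return 1
}

# Print the plan by default; execute it only when APPLY=1 (hypothetical flag).
main() {
    dir=$1 cmdline=$2
    if root_is_network "$cmdline"; then
        echo "network root detected, leaving interfaces up" >&2
        return 0
    fi
    teardown_plan "$dir" | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "$cmd"; fi
    done
}

main "${NETCONF_DIR:-/run}" "$(cat /proc/cmdline 2>/dev/null)"
```

With the interface flushed and down, the booted system's own network configuration starts from a clean state, so the initramfs address and missing gateway do not carry over.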

