Mandos with ZFS native encryption

Teddy Hogeborn teddy at recompile.se
Mon Jul 3 14:59:12 CEST 2023


Tomas <tomas at fritiofson.se> writes:

> I am building out a three node Proxmox cluster on top of Debian 12. I
> use ZFS native encryption on all three nodes and have
> dropbear-initramfs configured for remote password entry via SSH at
> initramfs stage. I want to add Mandos to this and run server and
> client on all three nodes but I am unable to find any documentation on
> how to set it up properly with ZFS native encryption. Can someone here
> point me in the right direction? Can I insert the password to
> zfsunlock via output from mandos client?

The Mandos Client program "mandos-client" only outputs the password to
its standard output.  It should be reasonably simple to use this to
engineer your own solution.

Note: If your system can use passwords supplied to a systemd "Password
Agent", then the program password-agent(8mandos), included in the Mandos
Client installation, runs mandos-client internally, and sends any
password thus obtained to any active systemd Password Agent password
questions.  (It is intended to run in an initramfs image created by
dracut when systemd is installed.)

/Teddy Hogeborn

-- 
The Mandos Project
https://www.recompile.se/mandos
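
One way to wire the stdout behaviour described in the reply into ZFS, as an added example that is not part of the original message and is not Mandos project code. Assumptions: the helper name unlock_dataset is hypothetical, MANDOS_CMD stands for whatever mandos-client invocation your initramfs uses (its path and options are not given in this thread), and the dataset uses keyformat=passphrase with keylocation=prompt.

```shell
#!/bin/sh
# Added example, not Mandos project code.
# Assumptions: MANDOS_CMD is the full mandos-client invocation for your
# initramfs (path and options are site-specific, not shown in the thread);
# the dataset uses keyformat=passphrase and keylocation=prompt, so
# "zfs load-key" reads the passphrase from standard input.
MANDOS_CMD="${MANDOS_CMD:-mandos-client}"
ZFS_CMD="${ZFS_CMD:-zfs}"

# unlock_dataset DATASET (hypothetical helper name)
# 0 = key loaded or already loaded, 1 = not an encrypted dataset or
# lookup failed, 2 = no password obtained, 3 = ZFS rejected the password.
unlock_dataset() {
    dataset=$1
    keystatus=$("$ZFS_CMD" get -H -o value keystatus "$dataset" 2>/dev/null) || return 1
    case $keystatus in
        available) return 0 ;;   # already unlocked: do not contact the server
        unavailable) ;;          # encrypted and locked: continue
        *) return 1 ;;           # "-" means the dataset is not encrypted
    esac

    # Unquoted on purpose so MANDOS_CMD may carry options.
    pw=$($MANDOS_CMD) || return 2
    [ -n "$pw" ] || return 2

    # printf is a builtin in dash, bash and busybox ash, so the password
    # travels through a pipe and never appears in a process argument list.
    rc=0
    printf '%s\n' "$pw" | "$ZFS_CMD" load-key "$dataset" || rc=3
    unset pw
    return "$rc"
}

# Run only when a dataset name is given on the command line.
if [ $# -gt 0 ]; then
    unlock_dataset "$1"
fi
```

The distinct return codes let a calling initramfs script fall back to the existing dropbear/zfsunlock prompt when the Mandos server is unreachable (2) or the stored password is wrong (3).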