I am trying to run a VM with LUKS enabled. From what I can see, the best way to handle unlocking with SSH was dracut-sshd, but if there is a better way I am open to that. So far I think I have successfully enabled the dracut-sshd module, but I can only get a response about the key not being recognized. I have tried looking at the references for dracut-sshd, Google, and here. Lots of stuff seems incomplete for the immutable distro. Probably not everything below is relevant/needed/correct. I did verify, once unlocked and booted, that I could get other SSH keys to work.
Steps so far.
rpm-ostree install dracut-sshd
rpm-ostree install dracut-network
rpm-ostree install systemd-networkd
// ujust toggle-ssh // I don't think this was necessary; I just did it to make sure SSH into the device works
Make /etc/systemd/system.conf/d/20-network.wired
[Match]
Name=e*
[Network]
DHCP=ipv4
Update /etc/dracut.conf.d/90-networkd.conf
install_items+=" /etc/systemd/network/20-wired.network "
add_dracutmodules+=" systemd-networkd "
Copy ssh key
cp /etc/ssh/ssh_host_rsa_key.pub /etc/dracut-sshd/authorized_keys
Add entry to /etc/dracut.conf.d/sshd.conf
install_items+=" /etc/dracut-sshd/authorized_keys"
Then the initramfs
rpm-ostree initramfs --enable
rpm-ostree initramfs-etc --track=/etc/dracut-sshd/authorized_keys
rpm-ostree initramfs --enable -arg=-I --arg=/etc/dracut-sshd/authorized_keys
rpm-ostree initramfs --enable --arg=-I --arg=/etc/dracut-sshd/authorized_keys
Also the obligatory systemctl reboot
Additionally I have set a root password.
For the life of me I can’t get the corresponding private key to work with the same generated public key that I put into /etc/dracut-sshd/authorized_keys.
Thanks.
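A check related to the "Copy ssh key" step above, which places `/etc/ssh/ssh_host_rsa_key.pub` in `/etc/dracut-sshd/authorized_keys`: an `authorized_keys` file normally lists the public keys of the clients allowed to log in, while the `ssh_host_*` keys are the server's own identity. This is an added example, not part of the original post or of dracut-sshd; the function name and demo files are hypothetical, and the key blobs are constructed placeholders.

```shell
#!/bin/sh
# Added example: report SSH host public keys that also appear in an
# authorized_keys file. Function name and demo paths are hypothetical.

# host_keys_in_authorized_keys AUTH_FILE HOSTKEY_DIR
# Prints each HOSTKEY_DIR/ssh_host_*_key.pub whose key blob is listed in
# AUTH_FILE. Returns 0 if at least one match was found, 1 otherwise.
host_keys_in_authorized_keys() {
    auth_file=$1
    hostkey_dir=$2
    found=1
    for pub in "$hostkey_dir"/ssh_host_*_key.pub; do
        [ -f "$pub" ] || continue
        # A .pub file is "<type> <base64 blob> [comment]"; field 2 is the key.
        blob=$(awk 'NF >= 2 { print $2; exit }' "$pub")
        [ -n "$blob" ] || continue
        # Compare the blob with every whitespace-separated field so entries
        # that start with options (from="...", command="...") still match.
        # Lines beginning with '#' are comments and are skipped.
        if awk -v b="$blob" '
            /^[ \t]*#/ { next }
            { for (i = 1; i <= NF; i++) if ($i == b) { hit = 1; exit } }
            END { exit (hit ? 0 : 1) }' "$auth_file"; then
            printf '%s\n' "$pub"
            found=0
        fi
    done
    return "$found"
}

# Demo on constructed data (placeholder blobs, not real keys).
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3HOSTPLACEHOLDER root@vm\n' > "$demo/ssh_host_rsa_key.pub"
cp "$demo/ssh_host_rsa_key.pub" "$demo/authorized_keys"   # the copy step from the post
if host_keys_in_authorized_keys "$demo/authorized_keys" "$demo"; then
    echo "authorized_keys lists a host key, not a client key"
fi
rm -rf "$demo"
```

On the system described in the post, the two arguments would be `/etc/dracut-sshd/authorized_keys` and `/etc/ssh`.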