jgaunt/FreeNAS-Network-Unlock
Archived
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
This repository has been archived on 2020-09-24. You can view files and clone it, but cannot push or open issues or pull requests.
Files
c910c2e8bd73c3d7841d81a6b76afec563ef97f5
FreeNAS-Network-Unlock/README.md
jgaunt fe35f8bf43 Update 'README.md'
2019-12-21 20:34:03 -05:00

48 lines
2.2 KiB
Markdown
Raw Blame History

# FreeNAS-Network-Unlock
Configuration variables are changed within the [config.py](config.py) file.
#### Setup Luks Volume with Recovery Keys
You are responsible for setting up the luks volume and copying the recovery keys to it. You can use the following as a base.
Create a 128Mb file containing random data, this will be the file we will encrypt and use to store the keys. This file is way bigger than required, but hey, we might use it for something else later
```
dd if=/dev/urandom of=~/secure.luks bs=1M count=128
```
Set this file to be an encrypted LUKS container
We will be asked for a passphrase for the encryption. Let's make it long and complicated and we'll use it later to decrypt this volume from FreeNAS
```
cryptsetup -y luksFormat ~/secure.luks
```
Let's open our encrypted volume and so we can access it as a device within /dev/mapper
We'll need to use our passphrase to open the file
```
sudo cryptsetup luksOpen ~/secure.luks secure
```
Now we can create a filesystem within the device
```
sudo mkfs.ext4 -j /dev/mapper/secure
```
Create somewhere to mount this filesystem in future
```
sudo mkdir /mnt/secure
```
At last, we can mount our encrpyted file system
```
sudo mount /dev/mapper/secure /mnt/secure
```
Now you can copy over your recovery keys to the luks volume. **The keys will need to be named \<POOL_NAME\>.recoveryKey**
#### Setup password-less SSH connection
You are responsible for setting up the password-less ssh connection from freenas to the other computer. You can use the following as a base.
```
# Run ssh-keygen to create the default ~/.ssh/id_rsa ssh key (no passphrase)
ssh-keygen
# Add the public key of this ssh key to the authorized keys of the PI
# We will be prompted to enter the password of the Pi use in order to access the Pi on this occasion, but once the keys are installed on the Pi we won't need to use the password again
cat ~/.ssh/id_rsa.pub | ssh <KEY_HOST_USER>@<KEY_HOST> 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys'
# Check that password-less access is working by running
ssh <KEY_HOST_USER>@<KEY_HOST>
# You should be dumped straight to the terminal of the Pi without being prompted for a password. You can now logout of the Pi using:
exit
```
Reference in New Issue View Git Blame Copy Permalink