-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Logic is still being executed after successful decryption, displaying unnecessary errors #12
Comments
Interesting.
Correct. Can you please test below script: #!/bin/sh
set -e
PREREQ="dropbear"
prereqs()
{
echo "$PREREQ"
}
case $1 in
prereqs)
prereqs
exit 0
;;
esac
. /scripts/functions
LINK_UP_PORT=1234
LINK_UP_SERVER="example.com"
LINK_UP_SERVER_PORT=22
LINK_UP_USER="myuser"
LOCAL_SSHD_PORT=22 # see README.md#run-dropbear-on-additional-ports
check_internet(){
ping -V 2>&1 > /dev/null || exit
if ping -c 1 example.com > /dev/null 2>&1; then
echo "online"
else
echo "offline"
fi
}
create_link(){
echo "LINK UP: Waiting for the network config"
while :; do
status=$(check_internet) || exit
if [[ "$status" == "online" ]]; then
break
fi
sleep 2 || exit
done
echo "Creating link with server..."
/sbin/ifconfig lo up
dbclient -R ${LINK_UP_PORT}:127.0.0.1:${LOCAL_SSHD_PORT} ${LINK_UP_USER}@${LINK_UP_SERVER} -p ${LINK_UP_SERVER_PORT} -i /root/.ssh/id_rsa -N -f -y -y
}
watchdog(){
echo "Watchdog started for network config"
sleep 60
status=$(check_internet) || exit
if [[ "$status" == "online" ]]; then
echo "Internet connection OK: stopping the short watchdog,"
echo "...setting long watchdog (10 minutes)."
sleep 600
else
echo "No internet connection, rebooting..."
sleep 3
fi
/bin/reboot || exit
}
create_link &
watchdog & I added Correct approach might be killing whole |
Unfortunately, the Another remark, in case someone else is trying to replicate this, the version of I'll try the "kill it nicely" approach and write back later. |
Here's how it worked out for me - terminate the bash process after the OS loads. I did it via a cronjob for the root user:
For the benefit of future archaeologists, the root cause is that my set-up is a bit different. I had the "unlock over SSH" functionality working beforehand, and I only relied on your guide to add reverse SSH to the mix, but without taking the logic in I use an So, this was a false alarm. Nevertheless, I greatly appreciate your quick reaction and support. |
I'm glad to hear that you solved the problem. I also thank you for sharing your results. I'm going to mark this issue as "enhancement" and keep it open until I find the proper way to remove the |
Hi, I followed the documented steps on a Debian 11 and I noticed a cosmetic problem.
After the system was decrypted and the boot process is successful, one sees the authentication prompt. However, as the watchdog is still running, it fails to execute some actions that worked well before, when the
/
partition was still not decrypted and mounted.Here's what I mean:
![image](https://user-images.githubusercontent.com/295338/154977692-fffaae26-713a-4443-a84a-4cf3e2b34a85.png)
This happens because the watchdog is invoking
check_internet()
, which in turn attempts to callping -c 1 google.com > /dev/null 2>&1
.It seems that after the decryption process takes place, the environment changes, and basic file system resources and commands are not available anymore. For example, if I make changes in the script to run
ls
- then it will say that this is an unknown command.In your original script, the
|| exit
part is supposed to take care of that - you either run the command, or terminate the script. But on my system the exit part is never reached, because failure occurs when I attempt to run the first command.My workaround is to do a
printf "\033c"
somewhere inlink-with-server.sh
, which clears the screen and removes the errors, so they don't stress the user. However, that doesn't address the root cause of the problem.p.s. thank you for sharing this recipe, I found it very useful in my projects. You made it very easy to integrate remote unlocking.
The text was updated successfully, but these errors were encountered: