summarylogtreecommitdiffstats
path: root/mkinitcpio-knockencryptssh.install
diff options
context:
space:
mode:
Diffstat (limited to 'mkinitcpio-knockencryptssh.install')
-rw-r--r--mkinitcpio-knockencryptssh.install46
1 files changed, 46 insertions, 0 deletions
diff --git a/mkinitcpio-knockencryptssh.install b/mkinitcpio-knockencryptssh.install
new file mode 100644
index 000000000000..1c6af8c3ba75
--- /dev/null
+++ b/mkinitcpio-knockencryptssh.install
@@ -0,0 +1,46 @@
+post_install() {
+ echo ""
+ echo ""
+ echo "################################################"
+ echo "##### #####"
+ echo "##### Hints on configuring knockencryptssh #####"
+ echo "##### #####"
+ echo "################################################"
+ echo ""
+ echo "Modify the configuration at /etc/knockencryptssh/knockencryptssh.conf"
+ echo ""
+ echo " [knockencryptssh]"
+ echo " keyfile: Filename of the keyfile that'll be transferred"
+ echo " tempdir: Temporary directory where knockd will put it's knock alerts and"
+ echo " knockencryptssh will pick them up"
+ echo ""
+ echo ""
+ echo "Modify the configuration at /etc/knockencryptssh/knockd.conf"
+ echo ""
+ echo " [options]"
+ echo " interface: specify the interface knockd should listen on"
+ echo ""
+ echo " [knockKeyfile]"
+ echo " sequence: specify the port sequence that marks a knock for keyfile"
+ echo " transmission, this should be a port that your SSH server (e.g."
+ echo " dropbear or tinyssh) does not listen on"
+ echo ""
+ echo " [knockPassphrase]"
+ echo " sequence: specify the port sequence that marks a knock for passphrase"
+ echo " entry, this should usually be the standard port your SSH server"
+ echo " (e.g. dropbear or tinyssh) listens on"
+ echo ""
+ echo ""
+ echo "Don't forget to add the knockencryptssh hook after netconf and "
+ echo "<your SSH server hook> (e.g. dropbear or tinyssh) but before lvm2 in your"
+ echo "/etc/mkinitcpio.conf so it'll look like:"
+ echo " HOOKS=(base ... netconf dropbear knockencryptssh lvm2 filesystems ...)"
+ echo "Run 'mkinitcpio -p linux' afterwards to generate the new initramfs"
+ echo ""
+ echo "Hint: This hook replaces the commonly known encrypt and encryptssh hooks so"
+ echo " you might want to remove those hooks if present"
+ echo ""
+ echo ""
+
+ sleep 10
+} \ No newline at end of file