blob: 1c6af8c3ba75f709cfdcbbf0e226dcffc43fa662 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
post_install() {
echo ""
echo ""
echo "################################################"
echo "##### #####"
echo "##### Hints on configuring knockencryptssh #####"
echo "##### #####"
echo "################################################"
echo ""
echo "Modify the configuration at /etc/knockencryptssh/knockencryptssh.conf"
echo ""
echo " [knockencryptssh]"
echo " keyfile: Filename of the keyfile that'll be transferred"
echo " tempdir: Temporary directory where knockd will put it's knock alerts and"
echo " knockencryptssh will pick them up"
echo ""
echo ""
echo "Modify the configuration at /etc/knockencryptssh/knockd.conf"
echo ""
echo " [options]"
echo " interface: specify the interface knockd should listen on"
echo ""
echo " [knockKeyfile]"
echo " sequence: specify the port sequence that marks a knock for keyfile"
echo " transmission, this should be a port that your SSH server (e.g."
echo " dropbear or tinyssh) does not listen on"
echo ""
echo " [knockPassphrase]"
echo " sequence: specify the port sequence that marks a knock for passphrase"
echo " entry, this should usually be the standard port your SSH server"
echo " (e.g. dropbear or tinyssh) listens on"
echo ""
echo ""
echo "Don't forget to add the knockencryptssh hook after netconf and "
echo "<your SSH server hook> (e.g. dropbear or tinyssh) but before lvm2 in your"
echo "/etc/mkinitcpio.conf so it'll look like:"
echo " HOOKS=(base ... netconf dropbear knockencryptssh lvm2 filesystems ...)"
echo "Run 'mkinitcpio -p linux' afterwards to generate the new initramfs"
echo ""
echo "Hint: This hook replaces the commonly known encrypt and encryptssh hooks so"
echo " you might want to remove those hooks if present"
echo ""
echo ""
sleep 10
}
|