0

I've installed CentOS 6.2, encrypting my swap partition and my /home. I'm trying to configure my server to run headless; I'd like it to boot and push all of its boot spew to whoever is connected to it that has appropriate access privileges (users in the sudoers list).

There are two problems here:

  • How do I delay CentOS asking me to provide a password for swap? It pushes a modal dialog to the monitor, which shatters my dreams of headless boot.

  • How do I get CentOS to start up an SSH server process and push all the boot spew to whoever is connected (if someone is connected)? Someone mentioned DropBear to me. I looked at it and still wasn't sure how to configure this.

John Gardeniers
Son of the Wai-Pan

2 Answers

3

SSH is configured and enabled by default on CentOS. 'Boot spew' won't be available over SSH, as SSH isn't started until very late in the boot process, certainly after 'network' is started.

You need a remote server management card to see and interact with the 'boot spew'. Sun servers have ILOM cards, HP servers have iLO, Dell has the Remote Access Card, etc.

You can run a headless server fine without one of these cards; it just means someone will have to go into the datacenter and attach keyboard/video/mouse if anything goes wrong.

Sirch
  • ...or one could use a serial console. – EEAA May 21 '12 at 12:48
  • Indeed, but I've never really found pleasure in x86 serial consoles; it requires the OS to be up. Consoles should work for out-of-band management, or they are not worth the effort, in my opinion. – Sirch May 21 '12 at 13:16
  • Great answer. Is there a way to delay mounting /swap? My system has 2 GB of RAM; I'm assuming that /swap won't be needed that early (if at all). I'd like to be able to boot without swap (or have an unencrypted portion of the boot partition hold /swap) and then switch to the encrypted partition AFTER ssh starts (I'm thinking at that point the OS can ask me to mount and use the /swap partition after I authenticate). – Son of the Wai-Pan May 22 '12 at 23:46
0

Is your memory also encrypted? If not, does it make sense to encrypt your swap partition? You can encrypt your home directory according to the Ubuntu Encrypted Home Guide instead of running the entire partition as an encrypted file system.

pkhamre
  • Correct me if I'm wrong, but the whole point of swap being encrypted is so that if there's anything written to swap and the hard drive is taken unauthorized, there won't be any retrievable data there. – Son of the Wai-Pan May 22 '12 at 23:47
  • My mistake, did not think of that. – pkhamre May 25 '12 at 06:51