{"id":20534592,"url":"https://github.com/qbit/remote-unlock","last_synced_at":"2025-04-14T06:54:07.400Z","repository":{"id":54895627,"uuid":"277938622","full_name":"qbit/remote-unlock","owner":"qbit","description":"A tool to allow remote unlock of OpenBSD crypto volumes.","archived":false,"fork":false,"pushed_at":"2021-01-21T16:18:00.000Z","size":7,"stargazers_count":14,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-27T20:41:12.192Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"isc","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/qbit.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-07-07T22:54:35.000Z","updated_at":"2024-11-06T12:58:45.000Z","dependencies_parsed_at":"2022-08-14T06:00:53.328Z","dependency_job_id":null,"html_url":"https://github.com/qbit/remote-unlock","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qbit%2Fremote-unlock","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qbit%2Fremote-unlock/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qbit%2Fremote-unlock/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qbit%2Fremote-unlock/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/qbit","download_url":"https://codeload.github.com/qbit/remote-unlock/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248837281,"owners_count":21169374,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-16T00:27:27.270Z","updated_at":"2025-04-14T06:54:07.369Z","avatar_url":"https://github.com/qbit.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"remote-unlock\n=============\n\n`remote-unlock` allows one to unlock a CRYPTO discipline remotely via OpenSSH.\n\nIt does this by starting up an `sshd` process which listens on a non-standard\nport (2332 by default). This `sshd` instance is also configured to ignore\ndefault authorized_keys files.\n\n`/etc/remote-unlock.conf` contains information on the CRYPTO volume,\ndestination mount point, fsck options and finally the public key(s) to grant\naccess to unlock the volume.\n\nThis tool will not work with FDE. The CRYPTO discipline must be on a non-booting\npartition or drive.\n\n\n## Example `/etc/remote-unlock.conf`\n\n```\nCRYPT_DEV=4a58c59032e7fdb1.a\nCRYPT_MOUNT=/mnt\n\nFSCK_OPTS=-y\n\nMOUNT_DEV=9720bbfacf0d1363.a\nMOUNT_OPTS=nodev,nosuid,softdep\n\nSSH_AUTHORIZED_KEY=\"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIA7khawMK6P0fXjhXXPEUTA2rF2tYB2VhzseZA/EQ/OtAAAAC3NzaDpncmVhdGVy\"\n```\n\n# Setup\n\n## Installation\n\n```\ngit clone ....\ncd remote-unlock \u0026\u0026 doas make install\n```\n\nNow create your configuration. Device UUIDs can be found by running `disklabel\nsdX` (where X is your device number).\n\n\nNext create the `remote-unlock` specific `sshd` config:\n\n```\n/sbin/remote-unlock init\n```\n\n## Running on boot\n\nCalling `remote-unlock` with the `listen` option will fire up `sshd`. After a\nsuccessful unlock, the `sshd` process will be killed.\n\n```\necho \"/sbin/remote-unlock listen\" \u003e\u003e /etc/rc.local\n```\n\nAfter the next reboot, a new `sshd` should be listening on port 2332. A\nsuccessful connection with your configured public keys should drop you to the\n`bioctl` password prompt!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fqbit%2Fremote-unlock","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fqbit%2Fremote-unlock","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fqbit%2Fremote-unlock/lists"}