Re: entering geli passphrase only once at FreeBSD boot
Date: Sun, 09 Jan 2022 13:07:12 UTC
On Sun, Jan 9, 2022 at 1:25 PM Steve O'Hara-Smith <steve@sohara.org> wrote: > On Sun, 9 Jan 2022 10:00:51 +0000 > Taceant Omnes <taceant@gmail.com> wrote: > > > Is there a way to enter the passphrase only once in FreeBSD that does > > not involve storing it in a file? > > My solution was to log in after boot and run a script - less than > elegant but possible to do remotely if I was away during a power outage > (happened once). I've since given up on using encrypted drives, after a > scare when one drive became inaccessible after an outage due to geli > errors. > > Another option would be to run something in rc.local that disables > getty on the console and uses /dev/ttyv0 directly which forces it to be > done by someone with physical access. A very flashy (pun intended) option > would be to put the key on a USB stick and do some devd magic to spot it > and do the necessary before talking out of the speaker. > > -- > Steve O'Hara-Smith <steve@sohara.org> > My idea is to use square barcode for such requirements with a square barcode reader . Up to now I could not find an opportunity to do it . There are programs to draw a square barcode from a given character string and printing it is possible . I am not a user of new generation cell phones , but I think it may be possible to use a cell phone to generate , store and show the square barcode to the required square barcode reader . If the square barcode name is not self-revealing , it is likely that no one will be able to understand what it is about . Perhaps there are other possibilities for such an approach ? Just an alternative idea ... With my best regards , Mehmet Erol Sanliturk