Date: Sun, 9 Jan 2022 10:23:39 +0000 From: Steve O'Hara-Smith <steve@sohara.org> To: Taceant Omnes <taceant@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: entering geli passphrase only once at FreeBSD boot Message-ID: <20220109102339.45932ef6cf6f42daa3a1871d@sohara.org> In-Reply-To: <CAKkGsYKyPt5OfYVH5L=83yqzeHvkyMaU6oZH_0WzRFrWRKsXSw@mail.gmail.com> References: <CAKkGsYKyPt5OfYVH5L=83yqzeHvkyMaU6oZH_0WzRFrWRKsXSw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 9 Jan 2022 10:00:51 +0000 Taceant Omnes <taceant@gmail.com> wrote: > Is there a way to enter the passphrase only once in FreeBSD that does > not involve storing it in a file? My solution was to log in after boot and run a script - less than elegant but possible to do remotely if I was away during a power outage (happened once). I've since given up on using encrypted drives, after a scare when one drive became inaccessible after an outage due to geli errors. Another option would be to run something in rc.local that disables getty on the console and uses /dev/ttyv0 directly which forces it to be done by someone with physical access. A very flashy (pun intended) option would be to put the key on a USB stick and do some devd magic to spot it and do the necessary before talking out of the speaker. -- Steve O'Hara-Smith <steve@sohara.org>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20220109102339.45932ef6cf6f42daa3a1871d>