From: Mehmet Erol Sanliturk
Date: Sun, 9 Jan 2022 16:07:12 +0300
Subject: Re: entering geli passphrase only once at FreeBSD boot
To: "Steve O'Hara-Smith"
Cc: Taceant Omnes, FreeBSD Questions Mailing List
List-Archive: https://lists.freebsd.org/archives/freebsd-questions
In-Reply-To: <20220109102339.45932ef6cf6f42daa3a1871d@sohara.org>

On Sun, Jan 9, 2022 at 1:25 PM Steve O'Hara-Smith wrote:

> On Sun, 9 Jan 2022 10:00:51 +0000
> Taceant Omnes wrote:
>
> > Is there a way to enter the passphrase only once in FreeBSD that does
> > not involve storing it in a file?
>
>         My solution was to log in after boot and run a script - less than
> elegant but possible to do remotely if I was away during a power outage
> (happened once). I've since given up on using encrypted drives, after a
> scare when one drive became inaccessible after an outage due to geli
> errors.
>
>         Another option would be to run something in rc.local that disables
> getty on the console and uses /dev/ttyv0 directly which forces it to be
> done by someone with physical access. A very flashy (pun intended) option
> would be to put the key on a USB stick and do some devd magic to spot it
> and do the necessary before talking out of the speaker.
>
> --
> Steve O'Hara-Smith

My idea is to use a square barcode for such requirements with a square
barcode reader. Up to now I could not find an opportunity to do it.

There are programs to draw a square barcode from a given character string,
and printing it is possible. I am not a user of new generation cell phones,
but I think it may be possible to use a cell phone to generate, store and
show the square barcode to the required square barcode reader. If the square
barcode name is not self-revealing, it is likely that no one will be able to
understand what it is about.

Perhaps there are other possibilities for such an approach?

Just an alternative idea ...

With my best regards,

Mehmet Erol Sanliturk