View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0005584 | Kali Linux | Kali Package Bug | public | 2019-07-09 13:21 | 2020-02-10 17:39 |
Reporter | 2raziel3 | Assigned To | |||
Priority | high | Severity | major | Reproducibility | always |
Status | closed | Resolution | open | ||
Product Version | 2019.2 | ||||
Summary | 0005584: Cryptroot-unlock Timeout on askpass | ||||
Description | Package: cryptsetup Error message is; Command run is; kernel is; C version; I am pretty sure that the upgrade from cryptsetup 2:2.0.6 to the version above caused this issue. | ||||
Steps To Reproduce | this is my full procedure, sorry its a little long. Objective Guide ~ # blkid ~ # mount -t iso9660 /dev/sdb1 /cdrom select Detect and mount CD-rom MAKE SURE YOU DO NOT FORCE UEFI on partition disks select; apt-get update && apt-get -y dist-update && apt-get -y autoremove note: this will take a whileWireshark prompt = no apt-get install busybox dropbear dropbear-initramfs You will get a warning here as it completes: dropbear: WARNING: Invalid authorized_keys file, remote unlocking of cryptroot via SSH won’t work!, nano /etc/initramfs-tools/initramfs.conf cd /etc/dropbear-initramfs/ Add the deployment server public key to the authorized_keys. we now want to limit what can be done in this shell so we edit the authorized_keys as follows; we can set dropbear to start we change the port that dropbear listens on from 22 so that we do not get a MitM warning due to conflicts with openSSH we need to enable root ssh access; systemctl restart ssh.service we need to disable Screen Lock, power saving and Automatic suspend wget --no-check-certificate \ "https://gist.githubusercontent.com/gusennan/712d6e81f5cf9489bd9f/raw/fda73649d904ee0437fe3842227ad8ac8ca487d1/crypt_unlock.sh" \ make sure the script ends in a single new line after fi (sometimes does not copy properly) not chmod +x /etc/initramfs-tools/hooks/crypt_unlock.sh update-initramfs -u systemctl disable dropbear reboot first re-boot might take a while the cryptodog should seem to hang on; from the control server you should now be able to ssh to the CryptoDog using; It is at this point that we run the cryptroot-unlock command and get the timeout for askpass. what should happen is it prompts for the password and upon entering the password your device decrypts/boots. | ||||
Quick question: do you have cryptsetup-nuke-password installed in your system? If yes, you must be aware that it hijacks the "askpass" executable provided by cryptsetup. It might related. See http://gitlab.com/kalilinux/packages/cryptsetup-nuke-password It might be interesting to know if your problem is introduced by the presence of cryptsetup-nuke-password or simply because we switched to cryptsetup 2.1. So maybe try again after having removed cryptsetup-nuke-password ? |
|
Due to the age of the OS (Kali Moto [v1], Kali Safi [v2], Kali Rolling <= 2019.2), these legacy versions are no longer supported. Please could you see if you are able to replicate this issue with the latest version of Kali Linux - https://www.kali.org/downloads/? If you are still facing the same problem, feel free to re-open the ticket. If you choose to do this, could you provide more information to the issue you are facing, and also give information about your setup? |
|