disk encryption for remote server

2024-05-26 Thread 04-psyche . totter
Hi everyone, Is there any way to use disk encryption without having physical access to the device? A few potential ideas: - is there a way to enter the encryption passphrase via ssh? - is there a way to create a non encrypted partition on the same hard drive, where the keydisk would be stored,

Re: disk encryption for remote server

2024-05-27 Thread 04-psyche . totter
Thanks all for your thoughts. Regarding the remote serial console access, unfortunately, it is not possible in my case. I do not have IPMI or something similar :( On Mon, 27 May 2024 at 08:17, Manuel Giraud < manuel_at_ledu-giraud_fr_rmp93abv53d47h_m6783...@icloud.com> wrote: > Stefan Kreutz wr

How to set number of blocks in fdisk GPT

2024-05-30 Thread 04-psyche . totter
Hi all, How can I choose the blocks parameters in the command: fdisk -gy -b blocks disk The man page does not indicate how to make an informed choice. I couldn’t find relevant help on the internet. Thanks!

umount raid volume before shutdown?

2024-05-30 Thread 04-psyche . totter
Hi all, on my main hard drive, I have a partition `p` that I have encrypted in the following way: $bioctl -c C -l sd0p softraid0 -> This created the sd1 pseudo-device, on which I ran the following: $fdisk -g sd1 $disklabel -E sd1 # created partition i, to take all the space. This is the uniq

Re: How to set number of blocks in fdisk GPT

2024-05-30 Thread 04-psyche . totter
Thanks Kirill. Yes, I saw that, but in my case, FAT32 is not the file format that I am using to encrypt the partition. The partition is on an SSD with 4.2BSD filesystem. On Thu, 30 May 2024 10:06:11 +0100, > > > > How can I choose the blocks parameters in the command: > > > > fdisk -gy -b blocks

Call sysctl before sysctl.conf

2024-05-30 Thread 04-psyche . totter
Hi all, When OpenBSD runs my processor at 100%, it makes a noise. Interestingly, when in bios, this noise does not appear. To get rid of the noise I call sysctl with this: sysctl hw.perfpolicy=manual sysctl hw.setperf=99 The problem is, at the beginning of boot, OpenBSD runs the processor with

Re: umount raid volume before shutdown?

2024-05-30 Thread 04-psyche . totter
From my reading of /etc/rc, it seems that at shutdown or reboot, the OS will automatically unmount everything. So that will unmount my encrypted partition. However, it does not run bioctl -d sd* for the pseudo-device. So I guess the question becomes, is it a problem to exit the system without d

vim editor with TERM

2024-05-31 Thread 04-psyche . totter
Hi all, I use the following terminal: echo $TERM xterm-256color when in my ~/.profile I do: export EDITOR=nano everything works well. However, if I do export EDITOR=vim then when I ssh into the machine, up and down arrow in the terminal do not work anymore (it does not give me access to p

Using nopass on a single user machine

2024-06-03 Thread 04-psyche . totter
Hi all, Is there any downside in using the nopass option of doas, for a single user machine? It's a machine that I access only via ssh, with an identity file. In what way would it increase the attack surface to do so? Thanks, Jake

Re: Debian 12 Under VMM

2024-06-03 Thread 04-psyche . totter
Hi all, I am trying to run Debian 12 under VMM. I can see on the email from 2024-04-02 that Bruce managed to make it work, but I don't know how. The crux of the issue is that the Debian ISO installer does not seem to work under serial console. Here's what I did: /etc/vm.conf vm "vm1" {

Using arrows in VMM

2024-06-04 Thread 04-psyche . totter
Greetings, I am running Debian 12 under VMM, on OpenBSD 7.5. Whenever I am using the arrows (to retrieve previous history or simply to move left or right), there is a long random sleep, of 5 to 10 seconds. Sometimes more. Does anybody know what could be the issue? Inside the VM, the term is v

Re: Debian 12 Under VMM

2024-06-04 Thread 04-psyche . totter
Thank you Dave and Bruce. This worked for me: boost install gfxpayload=text console=ttyS0,115200n8 The critical part was that I had to type it and not copy paste it. For some reason, I have problems on the terminal of the VM. I can't copy paste it correctly, nor use the arrows without glitch.

Re: Debian 12 Under VMM

2024-06-14 Thread 04-psyche . totter
Hi Manuel, this was tricky. First I had to clear out the screen with CTRL+L. Then I had to use the arrows up and down, and this makes a menu appear. Then you choose Help, and you enter the boot commands. I had to go through a few trials and errors. Patience is key ;) Good luck > On 14 Jun 2024

Re: Debian 12 Under VMM

2024-06-17 Thread 04-psyche . totter
Great to hear! The combined power of OpenBSD and Debian is now yours, use it wisely ;) > On 17 Jun 2024, at 18:56, Manuel Giraud wrote: > > >> Hi Manuel, >> >> this was tricky. First I had to clear out the screen with CTRL+L. >> >> Then I had to use the arrows up and down, and this makes a

fsck similar to boot

2024-07-02 Thread 04-psyche . totter
Hi all, I have removed my second drive away from /etc/fstab and I am now manually mounting it as needed. I believe this means there is no automatic fsck check run, and that feels like a bad thing. I was thinking I should run the same fsck check when I manually mount my drive. How can I manual

Dual boot with 2 openbsd

2024-07-16 Thread 04-psyche . totter
Hi all! I want to set up a dual boot system, with 2 OpenBSD systems, and I wanted to run it past you guys, to see if the idea makes sense (and make sure I implement it correctly). It is for a system that I will not be able to access physically easily. So I bought 2 drives. My idea is: - Instal

Re: Dual boot with 2 openbsd

2024-07-16 Thread 04-psyche . totter
I don't use RAID1 because the disks have vastly different capacity (one is 4 times the size of the other). > On 17 Jul 2024, at 00:34, Benjamin Stürz > wrote: > > On 7/16/24 10:57 PM, 04-psyche.tot...@icloud.com wrote: >> Hi all! >> I want to set up a dual boot system, with 2 OpenBSD systems, an

Re: Dual boot with 2 openbsd

2024-07-17 Thread 04-psyche . totter
Thanks a lot to you 3 for your thoughts. RAID1 on the overlapping capacity: I don't like that idea much because RAID1 has an extra cost where any modification on disk1 will be performed on disk2. I want to reap the benefits of having disk1 for the OS and disk2 for data. That makes the overall s

avoid single-user mode boot

2024-07-24 Thread 04-psyche . totter
Hi all, I have a machine that will be placed in a remote location, and that I have no physical access to. The connection will be made through ssh only. I'd like to make it as resilient to failure as possible. A big concern to me is for a disk failure to happen (say a power outage), and the machine to

Re: avoid single-user mode boot

2024-07-24 Thread 04-psyche . totter
Thanks Crystal, unfortunately for this specific case, adding another machine to the same network is not an option. > On 24 Jul 2024, at 11:11, Crystal Kolipe wrote: > > On Wed, Jul 24, 2024 at 09:04:17AM +0100, 04-psyche.tot...@icloud.com wrote: >> Alternatively, is there a way to have ssh acce

Re: avoid single-user mode boot

2024-07-24 Thread 04-psyche . totter
Thanks Stuart for all these thoughts. That's a lot of great ideas. Let me try to clarify a few things: - change `do_fsck` to `do_fsck -y` - I assume you mean Line 410. That seems like a great idea. Do I understand correctly that the normal behaviour

Re: avoid single-user mode boot

2024-07-26 Thread 04-psyche . totter
Thanks Matthew, that's helpful. I will look into that.

wireguard routing

2024-08-10 Thread 04-psyche . totter
Hi all, I am working on a wireguard network. I have a setup like this: serverA (10.0.0.0) => serverB (10.0.0.1) => serverC (10.0.0.2) - serverA connects to serverB with AllowedIPs = 0.0.0.0/0 - serverB connects to serverC with AllowedIPs = 0.0.0.0/0 I cannot access serverC directly from serve

Re: wireguard routing

2024-08-10 Thread 04-psyche . totter
Hi Crystal, Yes, both server A and C can access serverB, which has a fixed, public IP. Thanks for the advice. I can make it work for only ssh’ing into either machine, but not for using all internet via serverC’s connection, from serverA. I believe the wireguard configuration will use allowedIPs

Re: wireguard routing

2024-08-11 Thread 04-psyche . totter
Hi David, thanks for your help. Currently, serverB has only 1 wireguard interface, which contains both peers (serverA and serverC). It is no issue to create a second wireguard interface though. In the configuration you propose (I think there is a typo and the third config is for serverC), I d

pf route-to

2024-08-12 Thread 04-psyche . totter
Hi all, I am failing at a basic routing. I have included this rule in my pf.conf: pass out quick proto udp from any to any port 51820 route-to 192.168.1.254 I thought this would force egress traffic with destination port 51820 to use 192.168.1.254 as a gateway, instead of the default gatew

Re: resizing Debian virtual machine

2025-02-12 Thread 04-psyche . totter
That makes perfect sense, thank you. I have deleted vda2 and vda5. I agree with you, no need for a swap partition. Swap files are working well. On 12 Feb 2025, at 06:18, Atanas Vladimirov wrote: On 2025-02-12 01:00, 04-psyche.tot...@icloud.com wrote: Hi all, I run a Debian VM on an OpenBSD sys

Re: pf configuration for virtual machine

2025-01-29 Thread 04-psyche . totter
I am now able to make it work, though it was through trial and error, so I'll appreciate any help in understanding why my solution works! If my configuration is like this, it all works fine: block all pass out inet all keep state # Config to allow virtual Machine VMM to access the internet DNS

pf configuration for virtual machine

2025-01-29 Thread 04-psyche . totter
Hi all, I have set up a virtual machine on my OpenBSD box, following the guide https://www.openbsd.org/faq/faq16.html#VMMnet I have trouble configuring pf to give the VM access to the internet. If my /etc/pf.conf contains the following lines, I don't have access to the internet from the VM: