使用 Dropbear 解锁 Cryptroot 后 NetworkManager 将无法管理接口

tag-icon tag-icon ssh network-manager initramfs cryptroot
使用 Dropbear 解锁 Cryptroot 后 NetworkManager 将无法管理接口

我正在运行一台装有 Ubuntu 20.04 的计算机,该计算机的根分区已加密。由于我希望能够通过网络解锁计算机,因此我尝试使用 Dropbear 来实现此目的(具体操作请参见下文)。现在我遇到的问题是,一旦计算机启动,NetworkManager 就会拒绝连接到有线网络,在日志中我看到以下错误。

NetworkManager[9449]: <info>  [1591297428.2491] audit: op="connection-add-activate" pid=3815 uid=1000 result="fail" reason="Connection 'Kabelgebundene Verbindung 1' is not available on device enp3s0 because device is strictly unmanaged"

sudo nmcli给我

~$ LANG=C sudo nmcli 
enp3s0: unmanaged
        "Realtek RTL8111/8168/8411"
        ethernet (r8169), AC:22:0B:74:FF:F3, hw, mtu 1500

enp4s0: unmanaged
        "Realtek RTL8111/8168/8411"
        ethernet (r8169), C4:6E:1F:04:8C:BD, hw, mtu 1500

lo: unmanaged
        "lo"
        loopback (unknown), 00:00:00:00:00:00, sw, mtu 65536

因此,似乎自从网络在 initramfs 中设置后,NetworkManager 就拒绝管理接口。这似乎不仅影响用于 ssh 的接口,还影响 enp4s0 和环回设备。

您对如何修复此问题有什么建议吗?或者有没有其他方法可以通过 ssh 解锁 cryptroot 而不会出现此问题?

我通过 ssh 启用 cryptroot 解锁的方法

sudo apt install busybox dropbear

/etc/initramfs-tools/initramfs.conf改为并添加BUSYBOX=autoBUSYBOX=yDROPBEAR=y

然后我将authorized_keys文件复制到/etc/dropbear-initramfs/

最后我改用NO_START=1inNO_START=0/etc/default/dropbear使用重建 initramfssudo update-initramfs -u

问题更新 的输出sudo journalctl -b 0 /usr/sbin/NetworkManager

-- Logs begin at Mon 2020-05-25 11:17:50 CEST, end at Mon 2020-06-08 10:44:15 CEST. --
Jun 08 10:41:45 lukas-desktop NetworkManager[1206]: <info>  [1591605705.9675] NetworkManager (version 1.22.10) is starting... (for the first time)
Jun 08 10:41:45 lukas-desktop NetworkManager[1206]: <info>  [1591605705.9675] Read config: /etc/NetworkManager/NetworkManager.conf (lib: 10-dns-resolved.conf, 10-globally-managed-devices.conf, 20-connectivity-u>
Jun 08 10:41:45 lukas-desktop NetworkManager[1206]: <warn>  [1591605705.9676] config: unknown key 'wifi.cloned-mac-address' in section [device-mac-addr-change-wifi] of file '/usr/lib/NetworkManager/conf.d/no-ma>
Jun 08 10:41:45 lukas-desktop NetworkManager[1206]: <warn>  [1591605705.9676] config: unknown key 'ethernet.cloned-mac-address' in section [device-mac-addr-change-wifi] of file '/usr/lib/NetworkManager/conf.d/n>
Jun 08 10:41:45 lukas-desktop NetworkManager[1206]: <info>  [1591605705.9863] bus-manager: acquired D-Bus service "org.freedesktop.NetworkManager"
Jun 08 10:41:46 lukas-desktop NetworkManager[1206]: <info>  [1591605706.0014] manager[0x55d085fd8040]: monitoring kernel firmware directory '/lib/firmware'.
Jun 08 10:41:46 lukas-desktop NetworkManager[1206]: <info>  [1591605706.0014] monitoring ifupdown state file '/run/network/ifstate'.
Jun 08 10:41:46 lukas-desktop NetworkManager[1206]: <info>  [1591605706.3059] hostname: hostname: using hostnamed
Jun 08 10:41:46 lukas-desktop NetworkManager[1206]: <info>  [1591605706.3060] hostname: hostname changed from (none) to "lukas-desktop"
Jun 08 10:41:46 lukas-desktop NetworkManager[1206]: <info>  [1591605706.3062] dns-mgr[0x55d085fbd290]: init: dns=systemd-resolved rc-manager=symlink, plugin=systemd-resolved
Jun 08 10:41:46 lukas-desktop NetworkManager[1206]: <info>  [1591605706.3064] manager[0x55d085fd8040]: rfkill: Wi-Fi hardware radio set enabled
Jun 08 10:41:46 lukas-desktop NetworkManager[1206]: <info>  [1591605706.3064] manager[0x55d085fd8040]: rfkill: WWAN hardware radio set enabled
Jun 08 10:41:46 lukas-desktop NetworkManager[1206]: <info>  [1591605706.3131] Loaded device plugin: NMBluezManager (/usr/lib/x86_64-linux-gnu/NetworkManager/1.22.10/libnm-device-plugin-bluetooth.so)
Jun 08 10:41:46 lukas-desktop NetworkManager[1206]: <info>  [1591605706.3147] Loaded device plugin: NMWifiFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/1.22.10/libnm-device-plugin-wifi.so)
Jun 08 10:41:46 lukas-desktop NetworkManager[1206]: <info>  [1591605706.3166] Loaded device plugin: NMTeamFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/1.22.10/libnm-device-plugin-team.so)
Jun 08 10:41:46 lukas-desktop NetworkManager[1206]: <info>  [1591605706.3173] Loaded device plugin: NMAtmManager (/usr/lib/x86_64-linux-gnu/NetworkManager/1.22.10/libnm-device-plugin-adsl.so)
Jun 08 10:41:46 lukas-desktop NetworkManager[1206]: <info>  [1591605706.3179] Loaded device plugin: NMWwanFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/1.22.10/libnm-device-plugin-wwan.so)
Jun 08 10:41:46 lukas-desktop NetworkManager[1206]: <info>  [1591605706.3182] manager: rfkill: Wi-Fi enabled by radio killswitch; enabled by state file
Jun 08 10:41:46 lukas-desktop NetworkManager[1206]: <info>  [1591605706.3183] manager: rfkill: WWAN enabled by radio killswitch; enabled by state file
Jun 08 10:41:46 lukas-desktop NetworkManager[1206]: <info>  [1591605706.3184] manager: Networking is enabled by state file
Jun 08 10:41:46 lukas-desktop NetworkManager[1206]: <info>  [1591605706.3185] dhcp-init: Using DHCP client 'internal'
Jun 08 10:41:46 lukas-desktop NetworkManager[1206]: <info>  [1591605706.3200] settings: Loaded settings plugin: ifupdown ("/usr/lib/x86_64-linux-gnu/NetworkManager/1.22.10/libnm-settings-plugin-ifupdown.so")
Jun 08 10:41:46 lukas-desktop NetworkManager[1206]: <info>  [1591605706.3200] settings: Loaded settings plugin: keyfile (internal)
Jun 08 10:41:46 lukas-desktop NetworkManager[1206]: <info>  [1591605706.3201] ifupdown: management mode: unmanaged
Jun 08 10:41:46 lukas-desktop NetworkManager[1206]: <warn>  [1591605706.3202] ifupdown: interfaces file /etc/network/interfaces doesn't exist
Jun 08 10:41:46 lukas-desktop NetworkManager[1206]: <info>  [1591605706.3216] device (lo): carrier: link connected
Jun 08 10:41:46 lukas-desktop NetworkManager[1206]: <info>  [1591605706.3218] manager: (lo): new Generic device (/org/freedesktop/NetworkManager/Devices/1)
Jun 08 10:41:46 lukas-desktop NetworkManager[1206]: <info>  [1591605706.3222] device (enp3s0): carrier: link connected
Jun 08 10:41:46 lukas-desktop NetworkManager[1206]: <info>  [1591605706.3225] manager: (enp3s0): new Ethernet device (/org/freedesktop/NetworkManager/Devices/2)
Jun 08 10:41:46 lukas-desktop NetworkManager[1206]: <info>  [1591605706.3236] manager: (enp4s0): new Ethernet device (/org/freedesktop/NetworkManager/Devices/3)
Jun 08 10:41:46 lukas-desktop NetworkManager[1206]: <warn>  [1591605706.3247] Error: failed to open /run/network/ifstate
Jun 08 10:41:46 lukas-desktop NetworkManager[1206]: <info>  [1591605706.3294] modem-manager: ModemManager available
Jun 08 10:41:46 lukas-desktop NetworkManager[1206]: <info>  [1591605706.3295] manager: startup complete
Jun 08 10:42:16 lukas-desktop NetworkManager[1206]: <info>  [1591605736.0553] agent-manager: agent[d99b11357d82f71a,:1.68/org.gnome.Shell.NetworkAgent/1000]: agent registered
Jun 08 10:43:57 lukas-desktop NetworkManager[1206]: <info>  [1591605837.3307] audit: op="connection-add-activate" pid=1927 uid=1000 result="fail" reason="Connection 'Kabelgebundene Verbindung 1' is not availabl>

答案1

我点击了它并开始阅读网络initramfs-tool脚本。注意到它正在添加条目,/run/netplan/<network-device>.yaml这引导我到达这里:什么正在创建 /run/netplan/eth0.yaml?虽然原始海报通过/etc/initramfs-tools/scripts/init-bottom删除添加的文件的脚本解决了问题,但我采纳了第一个答案的建议并执行以下操作:

cd /etc/netplan
sudo ln -s 1-network-manager-all.yaml z-1-network-manager-all.yaml

以确保该文件中的密钥能够覆盖任何内容,/run/netplan/<netowrk-device>.yaml 我希望这会有所帮助。

相关内容