You are rocking my world. :D When I first started switching my VPSs to having full disk encryption, I think it was around lenny though it might have been squeeze. Anyway, me and another peer thought it would be good practice to, while we figured we'd never cover every possible surface, find a standard deployment for Debian VMs where even though we have no physical access to the hosts, wherever possible minimized the ability of an employee at a hosting company accessing our precious, precious bits. The memory hadn't come back when I wrote my first comment, but one of the ideas we had at the time was shoving sshd inside the initrd! But we concluded it would be hard -- involving not only making a static build of sshd (which I did some eons ago when I had foolish opinions concerning /bin /usr/bin) but also probably trimming code away from it or adding executable compression, and modifying the initrd creation scripts... either way -- too much complexity. So I went the route previously described. Now I learn that not only is there an ssh implementation which I can statically link into a tiny binary (which helps some other projects...), but someone went through the trouble of making a modified initrd package with it! Fantastic. Look for an email from me soon offering help on a specific project I noticed on your GitHub... I'm well aware of building my own scripts that use chroot/pivot_root tricks -- I personally like using them for making small boxes that run everything from RAM and keep no persistent state. But just out of random curiosity, what's the advantage of using OpenWRT?
I can't remember the exact reason, maybe it was because then the "bootloader" is completely decoupled from the main OS, which makes upgrading kernels etc. easier. It was about 5 years ago I set it up.
I should add, all the Debian initramfs work has been contributed by various people over the years - full credit to people such as the Debian maintainers, currently Guilhem Moulin.