Handle command line argument value from in-memory / inject content instead of use cli argument

command-line ssh bash linux luks

Is there a way to handle command line arguments from in-memory? My concrete problem is, I have a volume encrypted with luks, with a detached header file.

Setup as following:

  • workstation
  • server

I don't want to store the header file on the the server, so I keep it on workstation. When I want to decrypt the luks volume, I want to issue a simple ssh command from the other machine, without storing the header file on the server For example:

sh
ssh [email protected] "cryptsetup luksOpen /dev/mdx/ --header=... volume1"

Is there a way to keep the header file locally on workstation, and only transfer the content of the file over the ssh connection, which are handled on the server side and treated as local file argument?

The problem here (as I understand it), is that cryptsetup opens and reads the file specified as --header. Is there a Linux/UNIX way to fake this, and "push/inject" the content of the file into the command?

Currently I'm using a USB stick, where the header is stored.

I hope it's clear what I want, English is not my native language, perhaps something got lost in translation.

EDIT: What about a temp/ram-fs where is store/copy the file to after each reboot? I just discoverd that there is default tempfs, /dev/shm is it safe to use it?


Solution 1:

The /dev/shm file system is designed for shared memory. As explained in this Cyberciti article:

/dev/shm is nothing but implementation of traditional shared memory concept. It is an efficient means of passing data between programs. One program will create a memory portion, which other processes (if permitted) can access. This will result into speeding up things on Linux.

Just like /tmp which is also a tmpfs file system on modern Linuxes, anything you store there will be kept in memory and will be deleted on reboot. However, I don't know of any reason why you can't use /dev/shm for storing files that you want to have accessible. And I can confirm that in the place I work, we regularly use /dev/shm on our production systems to store a set of files that will be used by many programs and which are created on each boot.

So I would say you can go right ahead and store the file there on every boot if that is a working solution to your problem.

Solution 2:

You may be able to use process substitution, <(command). This is replaced with a transient filename that represents a pipe containing the output of the command.

ssh [email protected] cryptsetup luksOpen /dev/mdx/ --header=<(cat) volume1 < /path/to/headerfile

Related

Let $X,Y,Z$ be independent discrete random variables. Calculate $P(X<Y<Z)$
The median minimizes the sum of absolute deviations (the ℓ2 norm) [duplicate]
Proving kerT is a subspace of V. and rangeT is a subspace of W.
Complex Numbers Obtained Two Different Ways
Are unitarily and orthogonally diagonalizable equivalent over the complex numbers $\mathbb{C}$?
Hierarchical queries with Mongo using $graphLookup
Type mismatch on abstract type used in pattern matching
numpy: efficiently summing with index arrays
Re-associating an object with its class after deserialization in Node.js
Microsoft office Access `LIKE` VS `RegEx`
How to Output Unicode Strings on the Windows Console
Launch4J - how to attach dependent jars to generated exe