{"id":1217,"date":"2015-04-09T23:21:19","date_gmt":"2015-04-09T22:21:19","guid":{"rendered":"http:\/\/cyberelk.net\/tim\/?p=1217"},"modified":"2015-06-30T08:52:30","modified_gmt":"2015-06-30T07:52:30","slug":"headless-encrypted-boot-with-fedora-server","status":"publish","type":"post","link":"https:\/\/cyberelk.net\/tim\/2015\/04\/09\/headless-encrypted-boot-with-fedora-server\/","title":{"rendered":"Headless encrypted boot with Fedora Server"},"content":{"rendered":"

Here is a recipe for using encrypted boot on a Fedora Server system that does not have a monitor or keyboard attached during normal use.<\/p>\n

I’ll use Fedora 21 Server, and will have a dedicated encrypted volume group for data but leave the main operating system volume group unencrypted. The encryption key will be stored on a USB memory stick. When it is connected the system will boot normally; otherwise it will wait for a while for it to be connected and finally fall back to emergency mode.<\/p>\n

<\/p>\n

Installing<\/h3>\n

When installing, create a separate volume group in which to put the actual data volumes. To do that, select “I will configure partitioning” when setting up disk storage.
\n\"01-config-partitioning\"<\/a><\/p>\n

On the next page, allow the installer to create the mount points automatically: we’ll edit them next.
\n\"02-create-automatically\"<\/p>\n

Next, set up one of the mount points for the data volumes. In this example, I have used \/home<\/tt>.
\n\"03-home-lv\"<\/p>\n

In the screenshot above, I’ve decreased the size for the \/<\/tt> volume to make space for a new volume, then added one and set its mount point to \/home<\/tt>. It is currently in the automatically-created fedora-server<\/tt> volume group.<\/p>\n

Next, put this new volume in a volume group of its own by selecting \/home<\/tt> and choosing “Create a new volume group …” in the Volume Group drop-down.<\/p>\n

\"04-new-vg\"<\/p>\n

Give the new volume group a name (for example, “data”), and choose to have it encrypted by clicking on the checkbox.<\/p>\n

\"05-config-vg\"<\/a><\/p>\n

Once you have added the volumes you want and clicked Done, you will be asked to set a passphrase.
\n\"06-set-pw\"<\/a><\/p>\n

The summary of changes shows in more detail what will happen. You can see that a separate partition, vda3, will be the LUKS (encrypted) device, acting as an LVM physical volume: that’s for our data<\/tt> volume group.
\n\"07-summary\"<\/a><\/p>\n

Continue with the installation as normal and reboot when prompted. Don’t forget your passphrase!<\/p>\n

Prepare encryption key media<\/h3>\n

Now, find a USB memory stick, create an ext4 filesystem on it whose label is “Key”, and mount it at \/mnt\/key<\/tt>. For example:<\/p>\n

# mkfs.ext4 -L Key \/dev\/sdb1\r\n# mkdir \/mnt\/key\r\n# mount \/dev\/sdb1 \/mnt\/key\r\n<\/pre>\n
Place the encryption passphrase in \/mnt\/key\/data-key<\/tt> — note, it must not have a newline at the end. We can use read<\/tt> and printf<\/tt> for this: it serves the dual purpose of removing the newline and keeping the passphrase out of the shell’s history.<\/p>\n
# read -r a ; printf %s \"$a\" > \/mnt\/key\/data-key\r\n(enter passphrase, then press enter)\r\n# chmod 600 \/mnt\/key\/data-key\r\n# chcon -u unconfined_u -t unlabeled_t \/mnt\/key\/data-key\r\n<\/pre>\n
Next, edit \/etc\/fstab<\/tt> and add a line describing the filesystem we just made. Here is the line to add:<\/p>\n
LABEL=Key  \/mnt\/key  ext4  defaults,ro,x-systemd.device-timeout=60  0  0\r\n<\/pre>\n
While there, adjust the x-systemd.device-timeout<\/tt> value for \/home<\/tt> from 0 (no timeout) to 60 (seconds). These two timeouts ensure that, rather than waiting indefinitely, the system will fall back to emergency mode if the USB device is not present.<\/p>\n
Test the fstab changes by running umount \/mnt\/key<\/tt> and then mount \/mnt\/key<\/tt>. If all is well there will be no error messages.<\/p>\n
Now that the passphrase is stored away we need to specify its location so it can be retrieved at boot. To do this, edit \/etc\/crypttab<\/tt>. Change “none” at the end of that line so that it contains the passphrase filename:<\/p>\n
luks-... UUID=... \/mnt\/key\/data-key\r\n<\/pre>\n
At boot time, the filesystem will be mounted automatically in order to read the passphrase.<\/p>\n
Set up encrypted swap<\/h3>\n
We definitely want the swap partition to be encrypted, but it doesn’t need to be in the encrypted volume group. Why? Because a new key can be generated each boot and discarded on shutdown. To do that, edit \/etc\/crypttab<\/tt> again and add this line:<\/p>\n
cryptswap  \/dev\/mapper\/fedora--server-swap  \/dev\/urandom  swap\r\n<\/pre>\n
The \/dev\/mapper\/<\/tt> name must match the existing logical volume device mapper name: you can check it with “lsblk”.<\/p>\n
To actually use that mapped device, edit \/etc\/fstab<\/tt> and change the swap line to use \/dev\/mapper\/cryptswap<\/tt>:<\/p>\n
\/dev\/mapper\/cryptswap  swap  swap  defaults  0  0\r\n<\/pre>\n
No need to recreate initial ramdisk<\/h3>\n
At boot, the job of the initial ramdisk is to find and mount the root (\/<\/tt>) filesystem. As we haven’t made any changes to that, only to \/home<\/tt>, there is no need to run dracut.<\/p>\n
Reboot and test it!<\/p>\n
If the system is booted without the encryption media inserted, after a minute it will drop into emergency mode. The system will allow you to log in as root and make adjustments, but of course \/home<\/tt> will not be available unless you unlock it from the command line with the passphrase using cryptsetup<\/tt>.<\/p>\n
Bonus: Automatically unmount encryption key media after boot<\/h3>\n
As things stand, the Key filesystem will remain mounted all the time, which means the device can’t be safely removed while the system is running. Here is a systemd service file you can use to unmount the encryption passphrase USB storage device after it has fulfilled its purpose at boot time:<\/p>\n
[Unit]\r\nDescription=Unmount encryption passphrase media at boot\r\nDocumentation=https:\/\/cyberelk.net\/tim\/2015\/04\/09\/headless-encrypted-boot-with-fedora-server\/\r\nAfter=home.mount\r\n\r\n[Service]\r\nType=oneshot\r\nExecStart=\/usr\/bin\/umount \/mnt\/key\r\nRemainAfterExit=true\r\n\r\n[Install]\r\nWantedBy=multi-user.target\r\n<\/pre>\n
Save it as \/etc\/systemd\/system\/umount-key.service<\/tt> and enable it:<\/p>\n
# systemctl enable umount-key.service\r\n<\/pre>\n
All done<\/h3>\n
That’s it! Hope you find this useful.<\/p>\n
I’d love to have this work for whole-disk encryption, where the root filesystem is also encrypted, and I’d also love to be able to fall back to entering the passphrase at the console, rather than dropping into emergency mode. However it doesn’t seem to be possible just yet<\/a>.<\/p>\n
UPDATED<\/small>: Fixed the read\/printf line to handle escape characters better as suggested by Ralph.<\/p>\n","protected":false},"excerpt":{"rendered":"
Here is a recipe for using encrypted boot on a Fedora Server system that does not have a monitor or keyboard attached during normal use. I’ll use Fedora 21 Server, and will have a dedicated encrypted volume group for data but leave the main operating system volume group unencrypted. The encryption key will be stored […]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[3],"tags":[93,27,94,74],"class_list":["post-1217","post","type-post","status-publish","format-standard","hentry","category-software","tag-encrypted-boot","tag-fedora","tag-headless","tag-systemd"],"yoast_head":"\nHeadless encrypted boot with Fedora Server - PRINT HEAD<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cyberelk.net\/tim\/2015\/04\/09\/headless-encrypted-boot-with-fedora-server\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Headless encrypted boot with Fedora Server - PRINT HEAD\" \/>\n<meta property=\"og:description\" content=\"Here is a recipe for using encrypted boot on a Fedora Server system that does not have a monitor or keyboard attached during normal use. I’ll use Fedora 21 Server, and will have a dedicated encrypted volume group for data but leave the main operating system volume group unencrypted. The encryption key will be stored […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cyberelk.net\/tim\/2015\/04\/09\/headless-encrypted-boot-with-fedora-server\/\" \/>\n<meta property=\"og:site_name\" content=\"PRINT HEAD\" \/>\n<meta property=\"article:published_time\" content=\"2015-04-09T22:21:19+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2015-06-30T07:52:30+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/cyberelk.net\/tim\/wp-content\/uploads\/2015\/04\/01-config-partitioning-450x167.png\" \/>\n<meta name=\"author\" content=\"Tim Waugh\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tim Waugh\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/cyberelk.net\\\/tim\\\/2015\\\/04\\\/09\\\/headless-encrypted-boot-with-fedora-server\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/cyberelk.net\\\/tim\\\/2015\\\/04\\\/09\\\/headless-encrypted-boot-with-fedora-server\\\/\"},\"author\":{\"name\":\"Tim Waugh\",\"@id\":\"https:\\\/\\\/cyberelk.net\\\/tim\\\/#\\\/schema\\\/person\\\/23b749f30a67f1b1c6af17024fc94bf6\"},\"headline\":\"Headless encrypted boot with Fedora Server\",\"datePublished\":\"2015-04-09T22:21:19+00:00\",\"dateModified\":\"2015-06-30T07:52:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/cyberelk.net\\\/tim\\\/2015\\\/04\\\/09\\\/headless-encrypted-boot-with-fedora-server\\\/\"},\"wordCount\":850,\"commentCount\":2,\"publisher\":{\"@id\":\"https:\\\/\\\/cyberelk.net\\\/tim\\\/#\\\/schema\\\/person\\\/23b749f30a67f1b1c6af17024fc94bf6\"},\"image\":{\"@id\":\"https:\\\/\\\/cyberelk.net\\\/tim\\\/2015\\\/04\\\/09\\\/headless-encrypted-boot-with-fedora-server\\\/#primaryimage\"},\"thumbnailUrl\":\"http:\\\/\\\/cyberelk.net\\\/tim\\\/wp-content\\\/uploads\\\/2015\\\/04\\\/01-config-partitioning-450x167.png\",\"keywords\":[\"encrypted boot\",\"fedora\",\"headless\",\"systemd\"],\"articleSection\":[\"Software\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/cyberelk.net\\\/tim\\\/2015\\\/04\\\/09\\\/headless-encrypted-boot-with-fedora-server\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/cyberelk.net\\\/tim\\\/2015\\\/04\\\/09\\\/headless-encrypted-boot-with-fedora-server\\\/\",\"url\":\"https:\\\/\\\/cyberelk.net\\\/tim\\\/2015\\\/04\\\/09\\\/headless-encrypted-boot-with-fedora-server\\\/\",\"name\":\"Headless encrypted boot with Fedora Server - PRINT HEAD\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/cyberelk.net\\\/tim\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/cyberelk.net\\\/tim\\\/2015\\\/04\\\/09\\\/headless-encrypted-boot-with-fedora-server\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/cyberelk.net\\\/tim\\\/2015\\\/04\\\/09\\\/headless-encrypted-boot-with-fedora-server\\\/#primaryimage\"},\"thumbnailUrl\":\"http:\\\/\\\/cyberelk.net\\\/tim\\\/wp-content\\\/uploads\\\/2015\\\/04\\\/01-config-partitioning-450x167.png\",\"datePublished\":\"2015-04-09T22:21:19+00:00\",\"dateModified\":\"2015-06-30T07:52:30+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/cyberelk.net\\\/tim\\\/2015\\\/04\\\/09\\\/headless-encrypted-boot-with-fedora-server\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/cyberelk.net\\\/tim\\\/2015\\\/04\\\/09\\\/headless-encrypted-boot-with-fedora-server\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/cyberelk.net\\\/tim\\\/2015\\\/04\\\/09\\\/headless-encrypted-boot-with-fedora-server\\\/#primaryimage\",\"url\":\"http:\\\/\\\/cyberelk.net\\\/tim\\\/wp-content\\\/uploads\\\/2015\\\/04\\\/01-config-partitioning-450x167.png\",\"contentUrl\":\"http:\\\/\\\/cyberelk.net\\\/tim\\\/wp-content\\\/uploads\\\/2015\\\/04\\\/01-config-partitioning-450x167.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/cyberelk.net\\\/tim\\\/2015\\\/04\\\/09\\\/headless-encrypted-boot-with-fedora-server\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/cyberelk.net\\\/tim\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Headless encrypted boot with Fedora Server\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/cyberelk.net\\\/tim\\\/#website\",\"url\":\"https:\\\/\\\/cyberelk.net\\\/tim\\\/\",\"name\":\"PRINT HEAD\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/cyberelk.net\\\/tim\\\/#\\\/schema\\\/person\\\/23b749f30a67f1b1c6af17024fc94bf6\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/cyberelk.net\\\/tim\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/cyberelk.net\\\/tim\\\/#\\\/schema\\\/person\\\/23b749f30a67f1b1c6af17024fc94bf6\",\"name\":\"Tim Waugh\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/cyberelk.net\\\/tim\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/printhead.png\",\"url\":\"https:\\\/\\\/cyberelk.net\\\/tim\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/printhead.png\",\"contentUrl\":\"https:\\\/\\\/cyberelk.net\\\/tim\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/printhead.png\",\"width\":731,\"height\":140,\"caption\":\"Tim Waugh\"},\"logo\":{\"@id\":\"https:\\\/\\\/cyberelk.net\\\/tim\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/printhead.png\"},\"sameAs\":[\"http:\\\/\\\/cyberelk.net\\\/tim\"],\"url\":\"https:\\\/\\\/cyberelk.net\\\/tim\\\/author\\\/twaugh\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Headless encrypted boot with Fedora Server - PRINT HEAD","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cyberelk.net\/tim\/2015\/04\/09\/headless-encrypted-boot-with-fedora-server\/","og_locale":"en_GB","og_type":"article","og_title":"Headless encrypted boot with Fedora Server - PRINT HEAD","og_description":"Here is a recipe for using encrypted boot on a Fedora Server system that does not have a monitor or keyboard attached during normal use. I’ll use Fedora 21 Server, and will have a dedicated encrypted volume group for data but leave the main operating system volume group unencrypted. The encryption key will be stored […]","og_url":"https:\/\/cyberelk.net\/tim\/2015\/04\/09\/headless-encrypted-boot-with-fedora-server\/","og_site_name":"PRINT HEAD","article_published_time":"2015-04-09T22:21:19+00:00","article_modified_time":"2015-06-30T07:52:30+00:00","og_image":[{"url":"http:\/\/cyberelk.net\/tim\/wp-content\/uploads\/2015\/04\/01-config-partitioning-450x167.png","type":"","width":"","height":""}],"author":"Tim Waugh","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Tim Waugh","Estimated reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/cyberelk.net\/tim\/2015\/04\/09\/headless-encrypted-boot-with-fedora-server\/#article","isPartOf":{"@id":"https:\/\/cyberelk.net\/tim\/2015\/04\/09\/headless-encrypted-boot-with-fedora-server\/"},"author":{"name":"Tim Waugh","@id":"https:\/\/cyberelk.net\/tim\/#\/schema\/person\/23b749f30a67f1b1c6af17024fc94bf6"},"headline":"Headless encrypted boot with Fedora Server","datePublished":"2015-04-09T22:21:19+00:00","dateModified":"2015-06-30T07:52:30+00:00","mainEntityOfPage":{"@id":"https:\/\/cyberelk.net\/tim\/2015\/04\/09\/headless-encrypted-boot-with-fedora-server\/"},"wordCount":850,"commentCount":2,"publisher":{"@id":"https:\/\/cyberelk.net\/tim\/#\/schema\/person\/23b749f30a67f1b1c6af17024fc94bf6"},"image":{"@id":"https:\/\/cyberelk.net\/tim\/2015\/04\/09\/headless-encrypted-boot-with-fedora-server\/#primaryimage"},"thumbnailUrl":"http:\/\/cyberelk.net\/tim\/wp-content\/uploads\/2015\/04\/01-config-partitioning-450x167.png","keywords":["encrypted boot","fedora","headless","systemd"],"articleSection":["Software"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/cyberelk.net\/tim\/2015\/04\/09\/headless-encrypted-boot-with-fedora-server\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/cyberelk.net\/tim\/2015\/04\/09\/headless-encrypted-boot-with-fedora-server\/","url":"https:\/\/cyberelk.net\/tim\/2015\/04\/09\/headless-encrypted-boot-with-fedora-server\/","name":"Headless encrypted boot with Fedora Server - PRINT HEAD","isPartOf":{"@id":"https:\/\/cyberelk.net\/tim\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cyberelk.net\/tim\/2015\/04\/09\/headless-encrypted-boot-with-fedora-server\/#primaryimage"},"image":{"@id":"https:\/\/cyberelk.net\/tim\/2015\/04\/09\/headless-encrypted-boot-with-fedora-server\/#primaryimage"},"thumbnailUrl":"http:\/\/cyberelk.net\/tim\/wp-content\/uploads\/2015\/04\/01-config-partitioning-450x167.png","datePublished":"2015-04-09T22:21:19+00:00","dateModified":"2015-06-30T07:52:30+00:00","breadcrumb":{"@id":"https:\/\/cyberelk.net\/tim\/2015\/04\/09\/headless-encrypted-boot-with-fedora-server\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cyberelk.net\/tim\/2015\/04\/09\/headless-encrypted-boot-with-fedora-server\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/cyberelk.net\/tim\/2015\/04\/09\/headless-encrypted-boot-with-fedora-server\/#primaryimage","url":"http:\/\/cyberelk.net\/tim\/wp-content\/uploads\/2015\/04\/01-config-partitioning-450x167.png","contentUrl":"http:\/\/cyberelk.net\/tim\/wp-content\/uploads\/2015\/04\/01-config-partitioning-450x167.png"},{"@type":"BreadcrumbList","@id":"https:\/\/cyberelk.net\/tim\/2015\/04\/09\/headless-encrypted-boot-with-fedora-server\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cyberelk.net\/tim\/"},{"@type":"ListItem","position":2,"name":"Headless encrypted boot with Fedora Server"}]},{"@type":"WebSite","@id":"https:\/\/cyberelk.net\/tim\/#website","url":"https:\/\/cyberelk.net\/tim\/","name":"PRINT HEAD","description":"","publisher":{"@id":"https:\/\/cyberelk.net\/tim\/#\/schema\/person\/23b749f30a67f1b1c6af17024fc94bf6"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cyberelk.net\/tim\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":["Person","Organization"],"@id":"https:\/\/cyberelk.net\/tim\/#\/schema\/person\/23b749f30a67f1b1c6af17024fc94bf6","name":"Tim Waugh","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/cyberelk.net\/tim\/wp-content\/uploads\/2023\/01\/printhead.png","url":"https:\/\/cyberelk.net\/tim\/wp-content\/uploads\/2023\/01\/printhead.png","contentUrl":"https:\/\/cyberelk.net\/tim\/wp-content\/uploads\/2023\/01\/printhead.png","width":731,"height":140,"caption":"Tim Waugh"},"logo":{"@id":"https:\/\/cyberelk.net\/tim\/wp-content\/uploads\/2023\/01\/printhead.png"},"sameAs":["http:\/\/cyberelk.net\/tim"],"url":"https:\/\/cyberelk.net\/tim\/author\/twaugh\/"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pnnS2-jD","_links":{"self":[{"href":"https:\/\/cyberelk.net\/tim\/wp-json\/wp\/v2\/posts\/1217","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyberelk.net\/tim\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberelk.net\/tim\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberelk.net\/tim\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberelk.net\/tim\/wp-json\/wp\/v2\/comments?post=1217"}],"version-history":[{"count":22,"href":"https:\/\/cyberelk.net\/tim\/wp-json\/wp\/v2\/posts\/1217\/revisions"}],"predecessor-version":[{"id":1273,"href":"https:\/\/cyberelk.net\/tim\/wp-json\/wp\/v2\/posts\/1217\/revisions\/1273"}],"wp:attachment":[{"href":"https:\/\/cyberelk.net\/tim\/wp-json\/wp\/v2\/media?parent=1217"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberelk.net\/tim\/wp-json\/wp\/v2\/categories?post=1217"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberelk.net\/tim\/wp-json\/wp\/v2\/tags?post=1217"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}