
Install/Configure dropbear for remote unlocking of encrypted root/swap filesystems

This might be a further advancement. If I get it right, it limits the SSH key to one specific command and also automates execution of that command.

apt update && apt -y install busybox dropbear-initramfs
echo 'DROPBEAR=y' >> /etc/initramfs-tools/initramfs.conf
sed -i 's/DEVICE=/DEVICE=<YOURNETWORKDEVICE>/'  /etc/initramfs-tools/initramfs.conf
echo 'IP=::::<YOURHOSTNAME>-luks:<YOURNETWORKDEVICE>:dhcp' >> /etc/initramfs-tools/initramfs.conf
echo "<YOURSSHPUBLICKEY>" >> /etc/dropbear-initramfs/authorized_keys
echo "<YOURBACKUPSSHPUBLICKEY>" >> /etc/dropbear-initramfs/authorized_keys
update-initramfs -u

Use the following commands to log on to dropbear's SSH server, authenticate with your SSH key, and decrypt the LUKS partition:

# connect to dropbear's SSH server on denker,
# you will get authenticated with your SSH key.
ssh <YOURHOSTNAME>-luks -l root
# then issue the following command:
cryptroot-unlock
# now enter the LUKS passphrase
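
The restriction mentioned at the top of this page (tying the SSH key to one command that runs automatically on login) can be written as authorized_keys options that dropbear reads. The script below is an added example, not part of the original how-to: it prefixes a public key with a forced `cryptroot-unlock` command and audits a key file for entries without one. The function names, the sample key and the scratch file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original how-to. Sample key and scratch file are constructed.
# Options dropbear reads from authorized_keys; no-pty is left out so the
# passphrase prompt still gets a terminal.
OPTS='no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="cryptroot-unlock"'

# restrict_key KEYLINE: print KEYLINE prefixed with OPTS; reject anything
# that is not a bare public key (e.g. a line that already carries options).
restrict_key() {
    case "$1" in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) printf '%s %s\n' "$OPTS" "$1" ;;
        *) echo "not a bare public key line" >&2; return 1 ;;
    esac
}

# add_restricted_key FILE KEYLINE: append the restricted entry unless the
# same key blob is already listed in FILE.
add_restricted_key() {
    line=$(restrict_key "$2") || return 1
    blob=$(printf '%s\n' "$2" | awk '{print $2}')
    [ -f "$1" ] && grep -qF -- "$blob" "$1" && return 0
    printf '%s\n' "$line" >> "$1"
}

# audit_keys FILE: print the line number of every key without a forced
# command; exit status is non-zero if any such key exists.
audit_keys() {
    awk '/^[ \t]*(#|$)/ { next }
         !/command="/   { print NR; bad = 1 }
         END            { exit bad + 0 }' "$1"
}

# Demo on a scratch file; the real file is /etc/dropbear-initramfs/authorized_keys
# and needs "update-initramfs -u" after any change.
demo=$(mktemp)
add_restricted_key "$demo" 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal admin@example'
audit_keys "$demo" && echo "every key carries a forced command"
rm -f "$demo"
```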


pages/howtos/debian/dropbear-luks.txt · Last modified: 2023/07/03 12:28 by Heiko Mischer