Debian 11 cryptroot remote unlocking

Unlocking a fully encrypted setup on Debian remotely via ssh is now quite simple:

Install dropbear-initramfs

newserver: sudo apt-get install dropbear-initramfs



After this we need to get our SSH key into the initramfs. The simplest way is to log into the server once with the keys and then copy them to the initramfs. To do that, copy your keys from your main machine:

laptop: ssh-copy-id karl@mediaserver

Then log into the machine and copy the authorized keys file:

newserver: sudo cp .ssh/authorized_keys /etc/dropbear-initramfs/

Add Hostname

By default the initramfs gets its IP via DHCP. If you want to set a static IP, you can do that with an IP parameter in /etc/initramfs-tools/initramfs.conf

Syntax is:

IP=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf>:<dns0-ip>:<dns1-ip>:<ntp0-ip> 

If you use DHCP, the initramfs will get an IP but it will not set up a hostname. I find this inconvenient; fix it with this line in /etc/initramfs-tools/initramfs.conf:

IP=::::debian-mediaserver:::::

Now rebuild your initramfs with new keys and IP settings:

newserver: sudo dpkg-reconfigure dropbear-initramfs
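
A miscounted colon in the IP= line silently moves a value into the wrong field. The following added example (not from the original post) splits a line into the ten fields of the syntax above so you can check it before rebuilding; the function names, the 192.0.2.x addresses and eth0 are constructed for illustration, and only the colon-separated form is handled.

```shell
#!/bin/sh
# Added example: split an initramfs IP= line into the ten named fields of
# the syntax shown on this page, to catch miscounted colons.
FIELD_NAMES="client-ip server-ip gw-ip netmask hostname device autoconf dns0-ip dns1-ip ntp0-ip"

# ip_fields LINE: print one "name=value" per field; missing trailing fields
# are printed empty. Returns 1 if LINE is not "IP=a:b:..." or has > 10 fields.
ip_fields() {
    case $1 in
        IP=*:*) rest=${1#IP=} ;;
        *) echo "not a colon-separated IP= line" >&2; return 1 ;;
    esac
    more=yes
    for name in $FIELD_NAMES; do
        if [ "$more" = yes ]; then
            value=${rest%%:*}              # text up to the next colon
            case $rest in
                *:*) rest=${rest#*:} ;;    # drop that field and its colon
                *) more=no ;;              # that was the last field
            esac
        else
            value=
        fi
        printf '%s=%s\n' "$name" "$value"
    done
    if [ "$more" = yes ]; then
        echo "too many fields, leftover: $rest" >&2
        return 1
    fi
}

# ip_get LINE NAME: print the value of one named field.
ip_get() {
    out=$(ip_fields "$1") || return 1
    printf '%s\n' "$out" | sed -n "s/^$2=//p"
}

# The line from this page, then a constructed static line (sample values).
ip_fields 'IP=::::debian-mediaserver:::::'
echo "hostname: $(ip_get 'IP=192.0.2.10::192.0.2.1:255.255.255.0:debian-mediaserver:eth0:off' hostname)"
```

With one colon too few before the name, the same check reports debian-mediaserver under netmask instead of hostname.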
