Remote Unlock

Use case

If you install Ubuntu 20.04 server, you can choose to lock your disk by a password. However, this will let OpenSSH server run only after the disk being decrypted. Therefore, this repo will demonstrate how to enable an SSH server by Dropbear even if your disk is still encrypted.

Linux <machine name> 5.4.0-42-generic #46-Ubuntu SMP Fri Jul 10 00:24:02 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 20.04.1 LTS
Release:	20.04
Codename:	focal

(Server side)

apt-get install dropbear: From my experience, by install this, dropbear and dropbear-initramfs will also be installed.
Add your id_rsa.pub to /etc/dropbear-initramfs/authorized_keys (i.e. cat id_rsa.pub >> /etc/dropbear-initramfs/authorized_keys)
update-initramfs -u
You are good to go!

If you want to set a static ip with a gateway:

IP=192.168.11.111::192.168.11.254:255.255.255.0::eth0:off

Note the IP format is: IP=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf> ::
Remember to update the initramfs: update-initramfs -u

(Client side)

ssh -i ~/.ssh/id_rsa <your host>
cryptroot-unlock: this will prompt you to type your password for decrypting the disk.

I found that after initramfs the IP= will still remain even after the boot.
- Check /run/netplan/eno1.yaml, I found that IP truly was added.
- The way to solve it is to add a script under /etc/initramfs-tools/scripts/init-bottom/. And add commands like: rm -f /run/netplan/eno1.yaml. You will find that IP= will not remain after init ends. You can see deconfigure-interfaces
- Remember to run update-initramfs -u!

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
README.md		README.md
deconfigure-interfaces		deconfigure-interfaces