- If you install Ubuntu 20.04 server, you can choose to lock your disk by a password. However, this will let OpenSSH server run only after the disk being decrypted. Therefore, this repo will demonstrate how to enable an SSH server by Dropbear even if your disk is still encrypted.
uname -a:
Linux <machine name> 5.4.0-42-generic #46-Ubuntu SMP Fri Jul 10 00:24:02 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
lsb_release -a:
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.1 LTS
Release: 20.04
Codename: focal
(Server side)
apt-get install dropbear: From my experience, by install this,dropbearanddropbear-initramfswill also be installed.- Add your
id_rsa.pubto/etc/dropbear-initramfs/authorized_keys(i.e.cat id_rsa.pub >> /etc/dropbear-initramfs/authorized_keys) update-initramfs -u- You are good to go!
If you want to set a static ip with a gateway:
- add line like this in
/etc/initramfs-tools/initramfs.conf:
IP=192.168.11.111::192.168.11.254:255.255.255.0::eth0:off
- Note the
IPformat is:IP=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf>:: - Remember to update the initramfs:
update-initramfs -u
(Client side)
ssh -i ~/.ssh/id_rsa <your host>cryptroot-unlock: this will prompt you to type your password for decrypting the disk.
- I found that after
initramfstheIP=will still remain even after the boot.- Check
/run/netplan/eno1.yaml, I found thatIPtruly was added. - The way to solve it is to add a script under
/etc/initramfs-tools/scripts/init-bottom/. And add commands like:rm -f /run/netplan/eno1.yaml. You will find thatIP=will not remain afterinitends. You can see deconfigure-interfaces - Remember to run
update-initramfs -u!
- Check
- https://unix.stackexchange.com/questions/411945/luks-ssh-unlock-strange-behaviour-invalid-authorized-keys-file: The most useful one
- https://unix.stackexchange.com/questions/5017/ssh-to-decrypt-encrypted-lvm-during-headless-server-boot
- https://stinkyparkia.wordpress.com/2014/10/14/remote-unlocking-luks-encrypted-lvm-using-dropbear-ssh-in-ubuntu-server-14-04-1-with-static-ipst/
man initramfs.confman initramfs-tools- https://unix.stackexchange.com/questions/550021/where-is-the-documentation-for-the-ip-variable-in-initramfs-conf
- https://www.eugenemdavis.com/set-static-ip-initramfs.html
- What is creating /run/netplan/eth0.yaml?:
netplanandinitramfs-tools- Thanks for the hint. I ended up creating
/etc/initramfs-tools/scripts/init-bottom/deconfigure-interfacesthat doesrm -f /run/netplan/eth0.yaml && ip -f inet address flush dev eth0. (I don't know if flushing the IP addresses is necessary, but it doesn't hurt.)
- Thanks for the hint. I ended up creating