Enable dropbear on boot to decrypt full disk encryption
- install
dropbear-initramfs
- put public rsa key in
/etc/dropbear/initramfs/authorized_keys, prepend
no-port-forwarding,no-agent-forwarding,no-x11-forwarding,command="/bin/cryptroot-unlock" ssh-rsa ...
- f DHCP no config neccesary
- in
/etc/dropbear/initramfs/dropbear.conf
DROPBEAR_OPTIONS="-p 4789 -s -j -k -I 60"
- issue to add the keys and generate new initiramfs
update-initramfs -u
- (old) writeup:
https://hamy.io/post/0009/how-to-install-luks-encrypted-ubuntu-18.04.x-server-and-enable-remote-unlocking/
No Comments