TheRoark
Posts: 9
Joined: Sun Feb 11, 2018 4:17 pm

Encrypted Pi and Remote SSH login with DropBear Not Working

Sun Aug 05, 2018 5:58 pm

I am trying to log in to an encrypted Pi with SSH and DropBear. I have it working locally in that the partition is encrypted and can boot at login with a local password typed in. I also have SSH working. But I can't get it to work so I can SSH remotely on reboot (i.e., log in on boot remotely using SSH and DropBear).

I tried to follow the instructions for Kali secure Pi here: https://www.kali.org/tutorials/secure-kali-pi-2018/. I also tried it after adjusting and rerunning the dropbear script as suggested here: https://bugs.launchpad.net/ubuntu/+sour ... ug/1645555.

This is the error I get in both instances:

Code: Select all

[email protected]: Permission denied (publickey).
Anyone know what I'm getting wrong? Or does anyone have the ability to remotely login to their Pi using SSH and encryption?

tpyo kingg
Posts: 541
Joined: Mon Apr 09, 2018 5:26 pm
Location: N. Finland

Re: Encrypted Pi and Remote SSH login with DropBear Not Working

Sun Aug 05, 2018 6:04 pm

Which distro, including version, do you have on the server side? Which SSH package?

Which distro, including version, do you have on the client side? Which SSH package?

TheRoark
Posts: 9
Joined: Sun Feb 11, 2018 4:17 pm

Re: Encrypted Pi and Remote SSH login with DropBear Not Working

Sun Aug 05, 2018 7:26 pm

On the server side it's: Linux 4.9.59-v7_Re4son-Kali-Pi+ armv7l GNU/Linux with OpenSSH_7.7p1 Debian-2, OpenSSL 1.0.2o 27 Mar 2018.

On the client side I've tried both: (1) Fedora 28 with OpenSSH_7.7p1, OpenSSL 1.1.0h-fips 27 Mar 2018; and (2) Ubuntu 18.04 with OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n 7 Dec 2017.

TheRoark
Posts: 9
Joined: Sun Feb 11, 2018 4:17 pm

Re: Encrypted Pi and Remote SSH login with DropBear Not Working

Mon Aug 06, 2018 1:50 am

So I was able to find (what I believe to be) the error in the Kali instructions. Basically, it tells you what the authorized_keys (at sudo nano /etc/dropbear-initramfs/authorized_keys) should look like, but it doesn't tell you how to create and append your dropbear id_rsa keys.

Here is what I did (from htps://github.com/chadoe/luks-triple-unlock/blob/master/install.sh):

Code: Select all

ssh-keygen -t rsa -N '' -f /etc/dropbear-initramfs/id_rsa   #creates the dropbear id_rsa keys
cat /etc/dropbear-initramfs/id_rsa/id_rsa.pub >> /etc/dropbear-initramfs/authorized_keys
After I did that and completed the rest of the instructions, I can ssh in to the encrypted Pi and get it to boot using dropbear, but only from within the same network, using:

Code: Select all

ssh -o "UserKnownHostsFile /dev/null"  [email protected]
or (after copying the private keys from the Pi's dropbear to the client at ~/.ssh/):

Code: Select all

ssh -i /home/root/.ssh/id_rsa [email protected]
What I can't do, and want to do, is be able to remote in at the dropbear boot stage from a different network, like:

Code: Select all

ssh -o "UserKnownHostsFile /dev/null"  [email protected] -p 5555
I have ssh set up so that if the Pi is already booted, this works from a different network:

Code: Select all

ssh -X [email protected] -p 5555
So I don't get why it works for the Pi remotely after boot, but does not work for the Pi remotely before boot, during the dropbear stage.

TheRoark
Posts: 9
Joined: Sun Feb 11, 2018 4:17 pm

Re: Encrypted Pi and Remote SSH login with DropBear Not Working

Tue Aug 14, 2018 12:58 am

Does anyone have this working on their Pi with dropbear???

Return to “Other”