Page 1 of 1

Encrypted Pi and Remote SSH login with DropBear Not Working

Posted: Sun Aug 05, 2018 5:58 pm
by TheRoark
I am trying to log in to an encrypted Pi with SSH and DropBear. I have it working locally in that the partition is encrypted and can boot at login with a local password typed in. I also have SSH working. But I can't get it to work so I can SSH remotely on reboot (i.e., log in on boot remotely using SSH and DropBear).

I tried to follow the instructions for Kali secure Pi here: https://www.kali.org/tutorials/secure-kali-pi-2018/. I also tried it after adjusting and rerunning the dropbear script as suggested here: https://bugs.launchpad.net/ubuntu/+sour ... ug/1645555.

This is the error I get in both instances:

Code: Select all

[email protected]: Permission denied (publickey).
Anyone know what I'm getting wrong? Or does anyone have the ability to remotely login to their Pi using SSH and encryption?

Re: Encrypted Pi and Remote SSH login with DropBear Not Working

Posted: Sun Aug 05, 2018 6:04 pm
by tpyo kingg
Which distro, including version, do you have on the server side? Which SSH package?

Which distro, including version, do you have on the client side? Which SSH package?

Re: Encrypted Pi and Remote SSH login with DropBear Not Working

Posted: Sun Aug 05, 2018 7:26 pm
by TheRoark
On the server side it's: Linux 4.9.59-v7_Re4son-Kali-Pi+ armv7l GNU/Linux with OpenSSH_7.7p1 Debian-2, OpenSSL 1.0.2o 27 Mar 2018.

On the client side I've tried both: (1) Fedora 28 with OpenSSH_7.7p1, OpenSSL 1.1.0h-fips 27 Mar 2018; and (2) Ubuntu 18.04 with OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n 7 Dec 2017.

Re: Encrypted Pi and Remote SSH login with DropBear Not Working

Posted: Mon Aug 06, 2018 1:50 am
by TheRoark
So I was able to find (what I believe to be) the error in the Kali instructions. Basically, it tells you what the authorized_keys (at sudo nano /etc/dropbear-initramfs/authorized_keys) should look like, but it doesn't tell you how to create and append your dropbear id_rsa keys.

Here is what I did (from htps://github.com/chadoe/luks-triple-unlock/blob/master/install.sh):

Code: Select all

ssh-keygen -t rsa -N '' -f /etc/dropbear-initramfs/id_rsa   #creates the dropbear id_rsa keys
cat /etc/dropbear-initramfs/id_rsa/id_rsa.pub >> /etc/dropbear-initramfs/authorized_keys
After I did that and completed the rest of the instructions, I can ssh in to the encrypted Pi and get it to boot using dropbear, but only from within the same network, using:

Code: Select all

ssh -o "UserKnownHostsFile /dev/null"  [email protected]
or (after copying the private keys from the Pi's dropbear to the client at ~/.ssh/):

Code: Select all

ssh -i /home/root/.ssh/id_rsa [email protected]
What I can't do, and want to do, is be able to remote in at the dropbear boot stage from a different network, like:

Code: Select all

ssh -o "UserKnownHostsFile /dev/null"  [email protected] -p 5555
I have ssh set up so that if the Pi is already booted, this works from a different network:

Code: Select all

ssh -X [email protected] -p 5555
So I don't get why it works for the Pi remotely after boot, but does not work for the Pi remotely before boot, during the dropbear stage.

Re: Encrypted Pi and Remote SSH login with DropBear Not Working

Posted: Tue Aug 14, 2018 12:58 am
by TheRoark
Does anyone have this working on their Pi with dropbear???