So I was able to find (what I believe to be) the error in the Kali instructions. Basically, it tells you what the authorized_keys (at sudo nano /etc/dropbear-initramfs/authorized_keys
) should look like, but it doesn't tell you how to create and append your dropbear id_rsa keys.
Here is what I did (from htps://github.com/chadoe/luks-triple-unlock/blob/master/install.sh):
Code: Select all
ssh-keygen -t rsa -N '' -f /etc/dropbear-initramfs/id_rsa #creates the dropbear id_rsa keys
cat /etc/dropbear-initramfs/id_rsa/id_rsa.pub >> /etc/dropbear-initramfs/authorized_keys
After I did that and completed the rest of the instructions, I can ssh in to the encrypted Pi and get it to boot using dropbear, but only from within the same network
or (after copying the private keys from the Pi's dropbear to the client at ~/.ssh/):
What I can't do, and want to do, is be able to remote in at the dropbear boot stage from a different network, like:
I have ssh set up so that if the Pi is already booted, this works from a different network:
So I don't get why it works for the Pi remotely after boot, but does not work for the Pi remotely before boot, during the dropbear stage.