mirror of
https://github.com/PrivSec-dev/privsec.dev
synced 2024-12-21 20:31:33 -05:00
Change to dropbear-initramfs (#126)
Dropbear is an SSH client, but since Proxmox is Debian-based, this requires dropbear-initramfs

Signed-off-by: Reflux0301 <130855216+Reflux0301@users.noreply.github.com>
This commit is contained in:
parent
f6f1fe6516
commit
e29398c5bb
@ -115,15 +115,15 @@ systemctl enable zfs-load-key
|
||||
|
||||
It is not convenient to type in the encryption password on the console. You might want to setup Dropbear inside of the initramfs to unlock the drive over SSH instead.
|
||||
|
||||
First, install the `dropbear` package. Note that we are passing the `--no-install-recommends` argument here, as we don't want it to install `cryptsetup` and give annoying warnings on every initramfs generation.
|
||||
First, install the `dropbear-initramfs` package. Note that we are passing the `--no-install-recommends` argument here, as we don't want it to install `cryptsetup` and give annoying warnings on every initramfs generation.
|
||||
|
||||
```bash
|
||||
apt install --no-install-recommends dropbear
|
||||
apt install --no-install-recommends dropbear-initramfs
|
||||
```
|
||||
|
||||
Next, create `/etc/dropbear/authorized_keys` and put your ssh keys in there.
|
||||
Next, create `/etc/dropbear-initramfs/authorized_keys` and put your ssh keys in there.
|
||||
|
||||
You may also edit `/etc/dropbear/config` and adjust it however you like. You can find the list of the options [here](https://linux.die.net/man/8/dropbear). In my opinion, the default is good enough. Some other blog posts may recommend that you change the port to avoid the ssh fingerprint mismatch warning, but I would recommend using a different subdomain to connect to dropbear instead. That way, you can pin Dropbear's fingerprint with SSHFP records. I will write a separate post on this later.
|
||||
You may also edit `/etc/dropbear-initramfs/config` and adjust it however you like. You can find the list of the options [here](https://linux.die.net/man/8/dropbear). In my opinion, the default is good enough. Some other blog posts may recommend that you change the port to avoid the ssh fingerprint mismatch warning, but I would recommend using a different subdomain to connect to dropbear instead. That way, you can pin Dropbear's fingerprint with SSHFP records. I will write a separate post on this later.
|
||||
|
||||
Then, edit the `/etc/initramfs-tools/initramfs.conf` and add the static IP address for it to use. The format is
|
||||
|
||||
|
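Review bot: The new line for `/etc/dropbear-initramfs/authorized_keys` still reads "put your ssh keys in there"; since this Dropbear instance is set up inside the initramfs, say explicitly that only public keys belong in that file. The `--no-install-recommends` rationale (not pulling in `cryptsetup`) is carried over word for word from the `dropbear` line to the `dropbear-initramfs` line, so please confirm it still applies to the new package. It would also help to state which Proxmox/Debian release the `/etc/dropbear-initramfs/` paths were checked against, since the commit message ties the change to Debian packaging and the old and new paths differ only by directory name.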