The Ubuntu minimal virtual install differs from the standard server install in two ways:
- lesser packages are installed;
- a different kernel is installed.
Before Oneiric, the kernel was the one provided by the linux-image-*-virtual packages. Nowadays, the kernel used by the minimal install is linux-image-*-generic. Instead, standard server and desktop installs use both linux-image-*-generic and linux-image-extra-*-generic.
All of this to say that if the minimal install does not work, it's because it lacks some drivers and modules that are shipped with the extra package.
So, the question is: are the drivers sufficient to run Ubuntu on Xen? I don't know and I can't try at the moment. If vmbuilder
does not let you use Ubuntu Minimal with Xen, it's a different matter.
What I can say is that Launchpad PPA builders and Amazon EC2 run on Xen, and I am pretty sure that neither of them are using the extra kernel package.
It's unclear which known_hosts are troubling you - on the server or on the client. I used the instructions at http://blog.neutrino.es/2011/unlocking-a-luks-encrypted-root-partition-remotely-via-ssh/
on Debian. I am going to paraphrase that page and add some tweak I found useful. Contemporary Debian dropbox packages create all the needed keys on the server at installation time, but the referenced tutorial is so old, that it mentions cases when the keys need to be manually created. YMMV.
A. On the server. As you correctly mentioned, dropbear and OpenSSH keys differ, but are supposedly inter-convertible. The tutorial says that you could create on the server the host keys with:
dropbearkey -t rsa -f /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key
In fact, it is a bit harder than that. For me on Debian Jessie, the steps were:
Create a OpenSSH key.
ssh-keygen -t rsa -b 4096 -m PEM -f bootkey_rsa
Copy it on the server, that is, the computer where you are more likely to have dropbearconvert. There, convert it to dropbear format:
/usr/lib/dropbear/dropbearconvert openssh dropbear bootkey_rsa bootkey_dropbear_rsa
Stil on the server, login to root, and extract from Dropbear key the public part to the file where boot dropbear looks for it:
dropbearkey -y -f bootkey_dropbear_rsa | grep "^ssh-rsa" > /etc/dropbear-initramfs/authorized_keys
Update initramfs:
update-initramfs -u -k all
Cleanup: remove bootkey_dropbear_rsa and bootkey_rsa from server.
Note that the location where the known_hosts is expected by update-initramfs, given above as /etc/dropbear-initramfs/authorized_keys
, is flexible, and probably changes from distro to distro. To be sure you put it in the right place, read the source file from /usr/share/initramfs-tools/hooks/dropbear
.
The other needed key is created with:
dropbearkey -t rsa -f /etc/initramfs-tools/root/.ssh/id_rsa.dropbear
B. On the client you need both kinds of keys, so there is another known_hosts
. In the referenced tutorial, the command to connect is:
ssh -o "UserKnownHostsFile=~/.ssh/known_hosts.initramfs" \
-i "~/id_rsa.initramfs" root@my.server.ip.addr \
"echo -ne \"MyS3cr3tK3y\" >/lib/cryptsetup/passfifo"
One of the keys, id_rsa.initramfs
, is the file /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key
or bootkey_rsa
from the server section.
On the client known_hosts
, there may be a conflict between the key you already have for the OpenSSH server and the dropbear server you just installed. I temporarily removed from known_hosts
the keys for the regular OpenSSH service, connected using the command above (leaving out the -o
parameter), got prompted if I trust the host-key, said yes, and got it appended to my known hosts
. From there on, you need to move that last line to its own known_hosts (~/.ssh/known_hosts.initramfs
in the example above).
Best Answer
Until ddclient is fixed, you can manually install the old module it wants:
Free DNS's clients page and
ddclient --help
provide sample ddclient configurations. Restart ddclient for changes to take effect: