I want to unlock an encrypted LVM at startup on a headless Ubuntu 16.04 server. This is a fairly fresh install. The only installs I have done are mate-desktop, xrdp, dropbear, and busybox. My client is PuTTY on a Windows machine. I am fairly new to Linux, but here is the progress I have made:
- Installed dropbear and busybox
- Used puttygen to generate a key pair
- Copied public key to ~/.ssh/authorized_keys and set proper permissions (700 on directory, 600 on file)
- Copied public key to /etc/initramfs-tools/root/.ssh/authorized_keys and set proper permissions (700 on directory, 600 on file)
- Confirmed my keys are good by successfully connecting to normal user session via PuTTY using key authentication
- Created the script and modified the config files as outlined at this link (Note: I did not perform step 8, but my /var/log/auth.log file did not contain the errors showcased in the Troubleshoot section of that blogpost if step 8 is not performed.)
- Updated initramfs
When the system boots and shows the graphical LUKS unlock prompt, I get no response from the server when I try to connect via PuTTY. The connection times out. I have not been able to find any resources that deal with dropbear/busybox not running on boot. I am certain that if I could get a response, my key would work and I could unlock without problems.
How can I find out why dropbear/busybox isn't running at boot?
(For clarification, I can still unlock at the server and SSH into user session.)
Best Answer
After what feels like an eternity of deep diving into Google and trial and error, I finally got this figured out.
Here are the steps I took relative to the steps I outlined in the question:
- ifconfig eth0 0.0.0.0 down from usr/share/initramfs-tools/scripts/init-bottom/dropbear that step 6 in the blogpost outlined; I never added it back but never needed it
- Modified and added the following scripts from this post:
After modifying and adding those scripts, dropbear was able to start, but my network device was failing to connect to the network, so I was still unable to connect to the server.
I finally discovered by using ls /sys/class/net that my network adapter was not called eth0; apparently that is an old notation no longer used by recent versions of Ubuntu, and since all the posts I have found are old if not ancient, eth0 is all I found references to.
So, armed with that information and a few more snippets I found from other sources, I modified initramfs.conf as follows:
- Modified the DEVICE= portion of /etc/initramfs-tools/initramfs.conf to read:
- Updated initramfs (sudo update-initramfs -u)
Now dropbear connects to the network and I can connect to the server and unlock remotely.
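
As an added example (not part of the original answer or the posts it links to), a pre-reboot check for the two settings this page turns on: whether DEVICE= in initramfs.conf names an interface that exists under /sys/class/net, and whether the initramfs authorized_keys has the 700/600 permissions from the question. It assumes the interface has the same name in the initramfs as in the running system; the function names and the --check flag are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Defaults are the paths named on
# this page; every function takes overrides so it can be tried on a copy.

# Non-loopback interface names, i.e. what `ls /sys/class/net` shows minus lo.
list_ifaces() {
    for p in "${1:-/sys/class/net}"/*; do
        [ -e "$p" ] || continue
        n=${p##*/}
        [ "$n" = lo ] || echo "$n"
    done
}

# Value of the last DEVICE= line in initramfs.conf (quotes stripped).
conf_device() {
    sed -n 's/^[[:space:]]*DEVICE=//p' \
        "${1:-/etc/initramfs-tools/initramfs.conf}" 2>/dev/null |
        tail -n 1 | tr -d "\"'"
}

# 0: DEVICE names an existing interface; 1: it names one that does not exist
# (the eth0 case in the answer); 2: DEVICE is unset, nothing to compare.
check_device() {
    net=${1:-/sys/class/net}
    dev=$(conf_device "${2:-}")
    [ -n "$dev" ] || { echo "DEVICE unset; interfaces: $(list_ifaces "$net" | tr '\n' ' ')"; return 2; }
    [ -e "$net/$dev" ] || { echo "DEVICE=$dev not present; interfaces: $(list_ifaces "$net" | tr '\n' ' ')"; return 1; }
    echo "DEVICE=$dev present"
}

# 0 only if the directory is mode 700 and authorized_keys inside it is 600.
check_key_perms() {
    d=${1:-/etc/initramfs-tools/root/.ssh}
    [ -n "$(find "$d" -prune -type d -perm 700 2>/dev/null)" ] &&
        [ -n "$(find "$d/authorized_keys" -prune -type f -perm 600 2>/dev/null)" ]
}

# Run against the live system with: sudo sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then
    check_device || echo "review DEVICE= in initramfs.conf, then: sudo update-initramfs -u"
    check_key_perms || echo "authorized_keys permissions differ from 700/600"
fi
```

An unset DEVICE is reported separately rather than treated as an error, because the script has nothing to compare it against.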