Your message dated Tue, 8 Aug 2023 17:05:57 +0200
with message-id <[email protected]>
and subject line Re: Bug#1037086: dropbear-initramfs: 
/etc/dropbear/initramfs/dropbear_dss_host_key file not generated
has caused the Debian Bug report #1037086,
regarding dropbear-initramfs: /etc/dropbear/initramfs/dropbear_dss_host_key 
file not generated
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1037086: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037086
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: dropbear-initramfs
Version: 2022.83-1
Severity: normal

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
One of my systems did not start and landed in rescue shell. I wanted to install
dropbear-initramfs and enable ssh access for rescue target. I installed it and
configured it.

   * What exactly did you do (or not do) that was effective (or
     ineffective)?
Updated initramfs and created symlinks
/etc/dropbear/dropbear_ecdsa_host_key ->
/etc/dropbear/initramfs/dropbear_ecdsa_host_key
/etc/dropbear/dropbear_ed25519_host_key ->
/etc/dropbear/initramfs/dropbear_ed25519_host_key
/etc/dropbear/dropbear_rsa_host_key ->
/etc/dropbear/initramfs/dropbear_rsa_host_key

DROPBEAR_OPTIONS="-FEsjk"

But dropbear did not start as it was complaining about the missing dss host
key. I generated a new dss key and added the symlink

dropbearkeygen -t dss -f /etc/dropbear/initramfs/dropbear_dss_host_key
/etc/dropbear/dropbear_dss_host_key ->
/etc/dropbear/initramfs/dropbear_dss_host_key

Updated initramfs, reboot into rescue

   * What was the outcome of this action?
dropbear did NOT start.

If I delete /etc/dropbear/initramfs/dropbear_dss_host_key and generate a new
one
dropbearkeygen -t dss -f /etc/dropbear/initramfs/dropbear_dss_host_key
in the rescue shell dropbear starts.


Info:
-----

georg@nas-dsm:~$ uname -a
Linux nas-dsm 6.1.0-9-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.27-1 (2023-05-08)
x86_64 GNU/Linux
georg@nas-dsm:~$ cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
georg@nas-dsm:~$ apt-cache policy dropbear-initramfs
dropbear-initramfs:
  Installiert:           2022.83-1
  Installationskandidat: 2022.83-1
  Versionstabelle:
 *** 2022.83-1 500
        500 http://ftp.de.debian.org/debian bookworm/main amd64 Packages
        100 /var/lib/dpkg/status
georg@nas-dsm:~$ tree /etc/dropbear/
/etc/dropbear/
├── dropbear_dss_host_key -> initramfs/dropbear_dss_host_key
├── dropbear_ecdsa_host_key -> initramfs/dropbear_ecdsa_host_key
├── dropbear_ed25519_host_key -> initramfs/dropbear_ed25519_host_key
├── dropbear_rsa_host_key -> initramfs/dropbear_rsa_host_key
└── initramfs
    ├── authorized_keys
    ├── dropbear.conf
    ├── dropbear_dss_host_key
    ├── dropbear_ecdsa_host_key
    ├── dropbear_ed25519_host_key
    └── dropbear_rsa_host_key

2 directories, 10 files





-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 
'testing-proposed-updates-debug'), (500, 'testing-proposed-updates'), (500, 
'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-9-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dropbear-initramfs depends on:
ii  busybox-static [busybox]  1:1.35.0-4+b3
pn  dropbear-bin              <none>
ii  initramfs-tools           0.142
ii  udev                      252.6-1

Versions of packages dropbear-initramfs recommends:
ii  cryptsetup-initramfs  2:2.6.1-4~deb12u1

dropbear-initramfs suggests no packages.

--- End Message ---
--- Begin Message ---
On Tue, 08 Aug 2023 at 09:42:08 -0500, Michael Meier wrote:
> - in /etc/crypttab add "initramfs" as parameter to the corresponding
> partition
>
> Maybe mentioning that in
>
> /usr/share/doc/dropbear-initramfs/initrfamfs.README
>
> would help future users.

The file has a link to /usr/share/doc/cryptsetup/README.Debian.gz sec. 8
which mentions the ‘initramfs’ crypttab(5) flag.  Encryption is the
realm of src:cryptsetup not src:dropbear.

> Even more helpful would probably be, that
>
> update-initramfs
>
> would spit out a message, that no encrypted fs have been found.

I disagree, remote unlocking is probably the most common use of
dropbear-initramfs but not the only one.  It's also useful to remotely
access rescue initramfs shells for instance, even on non-encrypted file
systems.

-- 
Guilhem.


--- End Message ---
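
The `initramfs` crypttab(5) flag mentioned in the reply above can be audited before rebuilding the initramfs. The following is an added example, not part of the original thread or of the dropbear or cryptsetup packages; the function names and the sample entries are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: list crypttab(5) targets that do not carry the Debian
# 'initramfs' option. Per crypttab(5) on Debian, the initramfs hook handles
# the root device, resume devices and devices with this option; any other
# entry listed here is only unlocked later in boot.

# crypttab_missing_initramfs: reads crypttab-format text on stdin and prints
# one target name per line for each entry without the 'initramfs' option.
crypttab_missing_initramfs() {
    while read -r target source keyfile options _rest; do
        case "$target" in
            ''|'#'*) continue ;;   # skip blank lines and comments
        esac
        # Options are comma-separated; wrap in commas for an exact match so
        # that a longer option name containing the word does not count.
        case ",$options," in
            *,initramfs,*) ;;      # explicitly flagged for the initramfs
            *) printf '%s\n' "$target" ;;
        esac
    done
}

# Constructed sample input (hypothetical target names, devices and UUIDs).
sample_crypttab() {
    cat <<'EOF'
# <target> <source device> <key file> <options>
root_crypt UUID=00000000-0000-0000-0000-000000000001 none luks,discard
data_crypt UUID=00000000-0000-0000-0000-000000000002 none luks,initramfs
swap_crypt /dev/sdb2 /dev/urandom swap,cipher=aes-xts-plain64
EOF
}

# Stand-alone run on the sample; on a real system use:
#   crypttab_missing_initramfs < /etc/crypttab
sample_crypttab | crypttab_missing_initramfs
```
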
