After some further research and testing:

/usr/share/initramfs-tools/hooks/dropbear

includes:

<snip>
# Copy config and host keys
mkdir -p -- "$DESTDIR/etc/dropbear"
if [ -e /etc/dropbear/initramfs/dropbear.conf ]; then
    cp -pt "$DESTDIR/etc/dropbear" "/etc/dropbear/initramfs/dropbear.conf"
fi

copied_hostkey="n"
for keytype in rsa ecdsa ed25519; do
    hostkey="/etc/dropbear/initramfs/dropbear_${keytype}_host_key"
    if [ -f "$hostkey" ]; then
        cp -pt "$DESTDIR/etc/dropbear" "$hostkey"
        copied_hostkey="y"
    fi
done
if [ "$copied_hostkey" = "n" ]; then
    dropbear_warn "Missing host keys, SSH login to initramfs won't work!"
fi

# Copy authorized_keys
mkdir -m0700 -- "$home/.ssh"
if [ -e /etc/dropbear/initramfs/authorized_keys ]; then
    cat /etc/dropbear/initramfs/authorized_keys
else
    for keytype in dsa rsa ecdsa ed25519; do
        pubkey="/etc/dropbear/initramfs/id_${keytype}.pub"
        if [ -e "$pubkey" ]; then
            cat "$pubkey"
        fi
    done
fi >"$home/.ssh/authorized_keys"
</snip>

...which suggests 

[main or whatever]/etc/dropbear/initramfs/authorized_keys 

should not exist as such within initramfs.

I can confirm:

$ unmkinitramfs /boot/initrd.img-$(uname -r) .

$ sudo cat /etc/dropbear/initramfs/authorized_keys | wc -l
5

$ sudo diff /etc/dropbear/initramfs/authorized_keys ./main/root-jjnlnk7i54/.ssh/authorized_keys
$

So all seems to be in order.

Rumour has it that if dropbear is installed as well as dropbear-initramfs, this 
can cause problems, though that's a bit vague and I am doubtful.

Nonetheless I will test again having removed dropbear when I'm near the machine 
to press buttons if needed, probably mid week.

Thanks
G
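
A scripted form of the manual check above, as an added example that is not part of the original post or of dropbear-initramfs. It rebuilds the key list the hook would write and compares it with the authorized_keys found in an unpacked image. The function names, the `root-EXAMPLE` directory and the key strings in `make_sample` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of dropbear-initramfs. Function names are hypothetical.
# Usage: check_dropbear_initramfs UNPACKED_DIR [CONFIG_DIR]

# Rebuild what the hook writes to authorized_keys, with the same precedence:
# authorized_keys if present, otherwise the id_*.pub files in hook order.
expected_authorized_keys() {
    if [ -e "$1/authorized_keys" ]; then
        cat "$1/authorized_keys"
    else
        for keytype in dsa rsa ecdsa ed25519; do
            if [ -e "$1/id_${keytype}.pub" ]; then cat "$1/id_${keytype}.pub"; fi
        done
    fi
}

check_dropbear_initramfs() {
    unpacked=$1
    conf=${2:-/etc/dropbear/initramfs}
    rc=0
    # The hook copies host keys to etc/dropbear in the image; without one,
    # SSH login to the initramfs won't work (the hook's own warning).
    if [ -z "$(find "$unpacked" -type f -path '*/etc/dropbear/dropbear_*_host_key')" ]; then
        echo "FAIL: no dropbear host key in image" >&2; rc=1
    fi
    # authorized_keys sits under the generated root home (root-XXXXXXXXXX/.ssh);
    # the first match is used.
    ak=$(find "$unpacked" -type f -path '*/root-*/.ssh/authorized_keys' | head -n 1)
    if [ -z "$ak" ]; then
        echo "FAIL: no authorized_keys in image" >&2; rc=1
    elif ! expected_authorized_keys "$conf" | cmp -s - "$ak"; then
        echo "FAIL: $ak differs from the keys in $conf (stale image?)" >&2; rc=1
    elif [ ! -s "$ak" ]; then
        echo "FAIL: $ak is empty, no key can log in" >&2; rc=1
    fi
    return "$rc"
}

# Constructed sample tree (fake key material) for trying the check offline.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/conf" "$d/img/main/etc/dropbear" "$d/img/main/root-EXAMPLE/.ssh"
    echo "ssh-ed25519 AAAAC3CONSTRUCTED admin@example" >"$d/conf/authorized_keys"
    cp "$d/conf/authorized_keys" "$d/img/main/root-EXAMPLE/.ssh/authorized_keys"
    : >"$d/img/main/etc/dropbear/dropbear_ed25519_host_key"
    echo "$d"
}
```

Against a real system, run it as root on the directory `unmkinitramfs` wrote to, since the key files are readable by root only.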