Remote Unlocking LUKS Drive at Boot

f0rvert

Dec 16, 2017
Hello everyone,

I would like to unlock a LUKS drive at boot via SSH. Unlike in Debian Jessie, the configuration for setting up dropbear has changed in Debian Stretch.

Proxmox Version: pve-manager/5.1-38/1e9bc777
Running kernel: 4.13.4-1-pve

- First I installed dropbear-initramfs
- then I added my SSH key to /etc/dropbear-initramfs/authorized_keys
- then I changed the SSH port in /etc/dropbear-initramfs/config
- update-initramfs -u

In /etc/default/grub:
Code:
GRUB_CMDLINE_LINUX_DEFAULT="ip=dhcp"
or, with a static address:
Code:
GRUB_CMDLINE_LINUX_DEFAULT="ip=10.255.1.250::10.255.1.254:255.255.255.0::eno1:none"

At this point there is a problem:
With the DHCP flag it prints:
Code:
IP-Config: eno1 hardware adress xx:xx:xx:xx:xx:xx mtu 1500 DHCP RARP
and then it's gone. No DHCP request reaches my router.

With a static IP it shows:

Code:
IP-Config: eno1
address: 10.255.1.250  broadcast: 10.255.1.255  netmask 255.255.255.0
gateway: 10.255.1.254

So it seems to be configured, but I'm not able to ping or connect to the server.
Maybe the interface is not started correctly? Is there a special trick to start the interface in GRUB?

I don't know whether it is related to Proxmox or rather to Debian Stretch.

There are several sites that cover the installation for remote unlocking, but I can't find anything about this behavior.

Thank you
Ben
 
Scratch your current config. Then put your IP config to /etc/initramfs-tools/conf.d/static_ip:
Code:
IP=10.255.1.250::10.255.1.254:255.255.255.0::eno1:off

Put your dropbear port config to /etc/dropbear-initramfs/config:
Code:
DROPBEAR_OPTIONS="-p xxxx"

Your authorized_keys for early dropbear go to /etc/dropbear-initramfs/authorized_keys.

You still need to run update-initramfs. I think I summed up everything, this setup in Stretch is a lot simpler than in Jessie or even before that.
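
As an added illustration (not part of any post in this thread), the script below lints an `IP=` line like the one above before it goes into the initramfs: field count, address syntax, and whether the named interface exists. The function names, the optional directory argument and the temporary stand-in for /sys/class/net are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: lint an initramfs IP= line before
# running update-initramfs. Field order follows the kernel ip= syntax:
#   client:server:gateway:netmask:hostname:device:autoconf

is_ipv4() {  # succeeds if $1 is a dotted quad with octets 0..255
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

bad() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

# check_ip_line LINE [NETDIR]: prints findings, returns the number of problems.
# NETDIR defaults to /sys/class/net of the running system (assumption: the
# interface carries the same name inside the initramfs).
check_ip_line() {
    line=${1#IP=}; netdir=${2:-/sys/class/net}; problems=0
    old_ifs=$IFS; IFS=:; set -- $line; IFS=$old_ifs
    case "$#:$1" in  # a lone keyword such as IP=dhcp has no fields to check
        1:dhcp|1:bootp|1:rarp|1:both|1:on|1:any) echo "OK: $line"; return 0 ;;
    esac
    if [ "$#" -lt 7 ]; then
        bad "expected 7 ':'-separated fields, got $#"; return "$problems"
    fi
    case "$1:$7" in
        :off|:none) bad "static setup without a client address" ;;
        :*) ;;  # empty client address is fine when autoconfiguring
        *) is_ipv4 "$1" || bad "client address '$1' is not IPv4" ;;
    esac
    [ -z "$3" ] || is_ipv4 "$3" || bad "gateway '$3' is not IPv4"
    [ -z "$4" ] || is_ipv4 "$4" || bad "netmask '$4' is not IPv4"
    [ -n "$6" ] && [ -d "$netdir/$6" ] || bad "device '$6' not in $netdir"
    case "$7" in
        off|none|on|any|dhcp|bootp|rarp|both) ;;
        *) bad "unknown autoconf value '$7'" ;;
    esac
    if [ "$problems" -eq 0 ]; then echo "OK: $line"; fi
    return "$problems"
}

# Constructed stand-in for /sys/class/net that contains only eno1.
demo_net=$(mktemp -d); mkdir "$demo_net/eno1"
check_ip_line "IP=10.255.1.250::10.255.1.254:255.255.255.0::eno1:off" "$demo_net" || true
check_ip_line "IP=10.255.1.250::10.255.1.254:255.255.255.0::eth0:off" "$demo_net" || true
rm -rf "$demo_net"
```

On a real host, call `check_ip_line` with the contents of the static_ip file and no second argument, so that the device name is checked against the interfaces of the running system.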
 
Thank you for your reply. Your settings look easier.
I've set the config as you described. As before, the network card won't turn on.
After the GRUB boot splash the NIC turns off (I know, the LED is not a clear indicator).

The dropbear-initramfs Readme says:

Code:
Issues
------
You'll have to include the driver of (one of) your network card(s) to
/etc/initramfs-tools/modules.

So I added IGB to modules and ran update-initramfs -u, but nothing changed.
 
I had no such issues, I was even surprised how easy it was. What if you use eth0 in place of eno1 in static_ip?
 
Code:
ipconfig: eth0: SIOCGIFINDEX: No such device
ipconfig: no devices to configure
/scripts/init-premount/dropbear can't open 'run/net-eth0.conf'
 
New day, new testing...

In order to prove my setup I installed a new Proxmox instance in KVM (latest ISO). Same problem: the network card won't start up at the point where the LUKS password is entered.

So I installed a clean Debian 9.3.0 and set everything up. After GRUB the connection is established and I can ping the instance at the point where the LUKS password is entered.

But I can't connect via SSH. It seems Dropbear isn't starting.
Syslog shows nothing unexpected.

Proxmox would have to at least start the network card!?

I was running out of ideas...
 
I'm experiencing this on an up-to-date system. Did you ever manage to fix it? I have tried everything thinkable to no avail. The DHCP works, an IP is assigned to the interface by the kernel, but it seems something takes them down before anything can be done, so the state goes back to unconfigured.
 
I'm also trying to get dropbear-initramfs running without luck. Was somebody able to solve this issue?
 
