Created
April 16, 2025 09:58
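#!/bin/sh
#
# Sets up LUKS decryption over SSH on Debian 12 using dropbear-initramfs.
#
# Usage:
#   1. run this script as root, passing each allowed SSH public key as ONE
#      quoted argument:
#        ./unlock-luks-with-dropbear.sh '<allowed_pub_key>' '<allowed_pub_key>'
#   2. reboot the system
#   3. ssh <ip of your server> -p 2222 : you should get the
#      'Please unlock disk' prompt
#
# Security notes:
#   - Every key in the initramfs authorized_keys file can reach the disk
#     unlock prompt during early boot. The file is only ever appended to, so
#     review it for stale keys after re-running this script.
#   - NOTE(review): the initramfs normally lives on an unencrypted /boot, so
#     the early-boot SSH host key is presumably readable by anyone with
#     access to that partition. Verify the host key fingerprint when
#     connecting to port 2222 - confirm against your disk layout.

# Abort on the first failing command (e.g. a failed package install) and on
# use of an unset variable, instead of continuing with a half-configured boot.
set -eu

conf_dir=/etc/dropbear/initramfs
conf_file="$conf_dir/dropbear.conf"
keys_file="$conf_dir/authorized_keys"

if [ "$#" -eq 0 ]; then
  echo "usage: ./unlock-luks-with-dropbear.sh '<allowed_pub_key>' '<allowed_pub_key>'" >&2
  exit 1
fi

# $UID is a bash/zsh variable and is not set by POSIX sh (dash on Debian), so
# the old `[ $UID != 0 ]` test expanded to a malformed expression and the root
# check was silently skipped. `id -u` works in every shell.
if [ "$(id -u)" -ne 0 ]; then
  echo "Must run with root" >&2
  exit 1
fi

# NOTE(review): on Debian 12 the `dropbear` package may also pull in the
# regular Dropbear service for the booted system. `dropbear-initramfs` alone is
# presumably enough for early-boot unlocking - confirm before exposing a second
# SSH daemon.
apt-get install -y dropbear dropbear-initramfs

# Configuring dropbear
mkdir -p "$conf_dir"
touch "$keys_file"
# Keep the list of keys allowed to unlock the disk writable by root only.
chmod 600 "$keys_file"

# Early-boot server options (this overwrites any existing dropbear.conf):
#   -I 180               disconnect a session idle for 180 seconds
#   -j -k                disable local and remote port forwarding
#   -p 2222              listen on port 2222
#   -s                   disable password logins (public keys only)
#   -c cryptroot-unlock  force every session to run the unlock prompt
echo 'DROPBEAR_OPTIONS="-I 180 -j -k -p 2222 -s -c cryptroot-unlock"' >"$conf_file"

# add SSH authorized_keys
for arg; do
  if [ -z "$arg" ]; then
    echo "skipping empty key argument" >&2
    continue
  fi
  # Exact whole-line match, so re-running the script does not duplicate keys.
  if grep -qxF -- "$arg" "$keys_file"; then
    printf 'key already present: "%s"\n' "$arg"
    continue
  fi
  # Quoted printf: an unquoted `echo $arg` would word-split the key and expand
  # any glob characters in its comment field.
  printf '%s\n' "$arg" >>"$keys_file"
  printf 'key added: "%s"\n' "$arg"
done

# Updating or generating an initramfs image (one run is enough; add -v to
# inspect which files are included).
update-initramfs -u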