I have just migrated all my systems from Ubuntu with LUKS to Arch with native ZFS root encryption and honestly: I'm really really happy with Arch!
Now I wanted to add remote unlocking of my encrypted root, so I installed mkinitcpio-dropbear etc. But I ran into the problem that the initcpio dropbear install hook was unable to automatically convert and use my openssh key(s). So I tried converting them manually to see what the problem is.
I created test keys of every possible type, starting with
ssh-keygen -t rsa -f test
and then
# dropbearconvert openssh dropbear test drop
Error: Unrecognised key type
Error reading key from 'test'
I then tried all other types (dsa, ecdsa, ed25519) with varying bit lengths, nothing succeeded. What kind of key does dropbearconvert expect? Or do I need to convert my existing keys to some special format before then converting them with dropbearconvert? Thanks in advance for clarification!
Some numbers:
5.3.8-arch1-1 #1 SMP PREEMPT @1572357769 x86_64 GNU/Linux
community/dropbear 2019.78-1
core/openssh 8.1p1-1
Last edited by W00PIE (2019-11-07 05:41:24)
dropbear should understand RSA, ECDSA, and DSS
https://jlk.fjfi.cvut.cz/arch/manpages/ … arkey.1.en
Edit: But apparently you need to first convert a key from RFC4716 to PEM to get the conversion working.
https://bugs.archlinux.org/task/60523
https://github.com/random-archer/mkinit … /issues/17
ssh-keygen -m PEM -p -f /tmp/id
# or create new key: ssh-keygen -t rsa -m PEM -f /tmp/id
dropbearconvert openssh dropbear /tmp/id /tmp/id_drop
Last edited by progandy (2019-11-06 15:07:28)
> dropbear should understand RSA, ECDSA, and DSS
> https://jlk.fjfi.cvut.cz/arch/manpages/ … arkey.1.en
Yes, the install hook indicates that it should work with the standard system keys, but unfortunately this is not the case anymore.
> Edit: But apparently you need to first convert a key from RFC4716 to PEM to get the conversion working.
Yep. That did it, thanks.
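Added example, not part of the thread and not code from mkinitcpio-dropbear: a shell sketch of the fix discussed above that checks which container format a private key uses and, because `ssh-keygen -p` rewrites the file in place, converts a private copy to PEM before calling dropbearconvert. The function names `key_format` and `to_dropbear` are hypothetical, and the key is assumed to have no passphrase, as host keys do.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from any package.

# Report a private key's container format, judged by its first line.
key_format() {
    header=$(head -n 1 -- "$1" 2>/dev/null) || { echo unreadable; return 1; }
    header=$(printf '%s' "$header" | tr -d '\r')   # tolerate CRLF files
    case "$header" in
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh-new ;;
        "-----BEGIN RSA PRIVATE KEY-----") echo pem ;;
        "-----BEGIN DSA PRIVATE KEY-----") echo pem ;;
        "-----BEGIN EC PRIVATE KEY-----")  echo pem ;;
        *) echo unknown ;;
    esac
}

# Convert SRC to a dropbear key at OUT without modifying SRC.
# Assumption: SRC is not passphrase-protected.
to_dropbear() {
    src=$1
    out=$2
    tmp=$(mktemp) || return 1              # mktemp creates the file mode 0600
    cp -- "$src" "$tmp" || { rm -f "$tmp"; return 1; }
    if [ "$(key_format "$tmp")" = openssh-new ]; then
        # Same conversion as in the thread, applied to the copy only.
        ssh-keygen -m PEM -p -N '' -f "$tmp" >/dev/null \
            || { rm -f "$tmp"; return 1; }
    fi
    # Stop if the copy is still not PEM (unknown file, or a key type
    # that ssh-keygen did not rewrite as PEM).
    if [ "$(key_format "$tmp")" != pem ]; then
        echo "not a PEM key after conversion: $src" >&2
        rm -f "$tmp"
        return 1
    fi
    dropbearconvert openssh dropbear "$tmp" "$out"
    rc=$?
    rm -f "$tmp"                           # do not leave key copies behind
    return $rc
}

# Stand-alone use: script.sh <openssh-key> <dropbear-key-out>
if [ $# -eq 2 ]; then
    to_dropbear "$1" "$2"
fi
```
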