#1 2019-11-06 08:05:40

W00PIE
Member
From: Europe
Registered: 2019-11-02
Posts: 2

[solved] dropbearconvert refuses all kinds of OpenSSH keys

I have just migrated all my systems from Ubuntu with LUKS to Arch with native ZFS root encryption and honestly: I'm really really happy with Arch! :)

Now I wanted to add remote unlocking of my encrypted root, so I installed mkinitcpio-dropbear etc. But I ran into the problem that the initcpio dropbear install hook was unable to automatically convert and use my openssh key(s). So I tried converting them manually to see what the problem is.

I created test keys of every possible type, starting with

ssh-keygen -t rsa -f test

and then

# dropbearconvert openssh dropbear test drop
Error: Unrecognised key type
Error reading key from 'test'

I then tried all other types (dsa, ecdsa, ed25519) with varying bit lengths, nothing succeeded. What kind of key does dropbearconvert expect? Or do I need to convert my existing keys to some special format before then converting them with dropbearconvert? Thanks in advance for clarification!

Some numbers:

5.3.8-arch1-1 #1 SMP PREEMPT @1572357769 x86_64 GNU/Linux
community/dropbear 2019.78-1
core/openssh 8.1p1-1

Last edited by W00PIE (2019-11-07 05:41:24)

Offline

#2 2019-11-06 14:39:59

progandy
Member
Registered: 2012-05-17
Posts: 5,190

Re: [solved] dropbearconvert refuses all kinds of OpenSSH keys

dropbear should understand RSA, ECDSA, and DSS
https://jlk.fjfi.cvut.cz/arch/manpages/ … arkey.1.en

Edit: But apparently you need to first convert a key from RFC4716 to PEM to get the conversion working.
https://bugs.archlinux.org/task/60523
https://github.com/random-archer/mkinit … /issues/17

ssh-keygen -m PEM -p -f /tmp/id
# or create new key: ssh-keygen -t rsa -m PEM -f /tmp/id
dropbearconvert openssh dropbear /tmp/id /tmp/id_drop

Last edited by progandy (2019-11-06 15:07:28)


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#3 2019-11-07 05:32:00

W00PIE
Member
From: Europe
Registered: 2019-11-02
Posts: 2

Re: [solved] dropbearconvert refuses all kinds of OpenSSH keys

progandy wrote:

> dropbear should understand RSA, ECDSA, and DSS
> https://jlk.fjfi.cvut.cz/arch/manpages/ … arkey.1.en

Yes, the install hook indicates that it should work with the standard system keys, but unfortunately this is not the case anymore.

> Edit: But apparently you need to first convert a key from RFC4716 to PEM to get the conversion working.

Yep. That did it, thanks.

Offline
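
The fix from post #2 wrapped in a format check, as an added example that is not code from the thread or from the dropbear or mkinitcpio projects. The function names `key_format` and `to_dropbear` are hypothetical; the header strings are the standard first lines of OpenSSH's newer private key format and of traditional PEM keys. Because `ssh-keygen -p` rewrites the key file in place, the conversion runs on a temporary copy.

```shell
#!/bin/sh
# Added example; key_format and to_dropbear are hypothetical helper names.
# Usage: to_dropbear /tmp/id /tmp/id_drop

# Print the container format of a private key, judged by its first line.
key_format() {
    header=
    # read returns non-zero when the last line has no newline; ignore that
    IFS= read -r header < "$1" || true
    header=${header%"$(printf '\r')"}   # tolerate CRLF line endings
    case "$header" in
        "-----BEGIN OPENSSH PRIVATE KEY-----")
            echo openssh-new ;;
        "-----BEGIN RSA PRIVATE KEY-----"|"-----BEGIN EC PRIVATE KEY-----"|"-----BEGIN DSA PRIVATE KEY-----")
            echo pem ;;
        *)
            echo unknown ;;
    esac
}

# Convert private key SRC to dropbear format at DST, leaving SRC untouched.
# Runs in a subshell so the umask change does not leak into the caller.
to_dropbear() (
    src=$1
    dst=$2
    umask 077                      # the temporary copy holds private key material
    tmp=$(mktemp) || exit 1
    cp -- "$src" "$tmp" || { rm -f "$tmp"; exit 1; }
    if [ "$(key_format "$tmp")" = openssh-new ]; then
        # Rewrite the copy (not the original) in PEM format
        ssh-keygen -p -m PEM -f "$tmp" >/dev/null || { rm -f "$tmp"; exit 1; }
    fi
    # If the copy still is not a recognised PEM key, stop before dropbearconvert
    if [ "$(key_format "$tmp")" != pem ]; then
        echo "$src: no recognised PEM header, not calling dropbearconvert" >&2
        rm -f "$tmp"
        exit 2
    fi
    dropbearconvert openssh dropbear "$tmp" "$dst"
    rc=$?
    rm -f "$tmp"
    exit "$rc"
)
```

Exit status 2 means the key never reached a PEM header this check recognises, which separates a format problem from a failure inside `dropbearconvert` itself.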
