
#1 2022-03-10 01:38:55

cmm11
Member
Registered: 2018-02-18
Posts: 51

[Solved] mkinitcpio-tinyssh can't ssh to tinyssh

I've a local server that I want to use mkinitcpio-tinyssh with to remotely unlock the LUKS partition. I've used this hook in the past with zero issues, but today I've failed to make it work.

The first issue I've run into is when running mkinitcpio -p linux-lts: when it gets to the tinyssh hook, instead of seeing it add the key from /etc/tinyssh/root_key I see the message:

  -> Running build hook: [tinyssh]
tinyssh-convert: usage: tinyssh-convert out-tinysshkeydir < in-opensshfile

Luckily I found a GitHub report that mentions this issue - https://github.com/grazzolini/mkinitcpi … /issues/10

I tried the patch mentioned on that page, but now whenever I try to ssh from the desktop to the machine to unlock it, I get the messages:
On Desktop:

Unable to negotiate with 192.168.1.1 port 22: no matching host key type found. Their offer:

On Server:

A password is required to access the cryptroot volume:
Enter passphrase for dev/sda2:
tinysshd: GQenPf7f: info: connection from 192.168.1.155:51454 (main_tinysshd.c:121)
tinysshd: GQenPf7f: fatal: unable to receive kex-message (protocol error) (main_tinysshd.c:166)
tinysshd: ofD7ZbAM: info: connection from 192.168.1.155:51456 (main_tinysshd.c:124)
tinysshd: ofD72bAM: fatal: unable to receive kex-message (protocol error) (main_tinysshd.c:166)

Steps I've done during setup of the server:
On Desktop:

ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519
cat ~/.ssh/id_ed25519.pub

On Server:

yay -S mkinitcpio-netconf mkinitcpio-tinyssh mkinitcpio-utils tinyssh-convert
/usr/bin/ssh-keygen -A
nano /etc/tinyssh/root_key (paste in contents of id_ed25519.pub from desktop)
nano /etc/mkinitcpio.conf
HOOKS=(base udev autodetect keyboard keymap modconf block netconf tinyssh encryptssh filesystems fsck)
mkinitcpio -p linux-lts

Last edited by cmm11 (2022-03-10 15:37:03)



Offline

#2 2022-03-10 07:30:11

-thc
Member
Registered: 2017-03-15
Posts: 775

Re: [Solved] mkinitcpio-tinyssh can't ssh to tinyssh

mkinitcpio-tinyssh also needs to make a copy of the OpenSSH ed25519 host key and looks for /etc/ssh/ssh_host_ed25519_key.

That file seems to be missing and leads to your errors.

Last edited by -thc (2022-03-10 15:06:15)

Offline

#3 2022-03-10 15:36:50

cmm11
Member
Registered: 2018-02-18
Posts: 51

Re: [Solved] mkinitcpio-tinyssh can't ssh to tinyssh

Got it fixed. The issue was that the folder containing the keys was already present, so whenever I ran mkinitcpio again, the tinyssh hook wasn't adding the keys due to the folder being present.
https://github.com/grazzolini/mkinitcpi … 1063765237



Offline
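
The three conditions that came up in this thread (OpenSSH ed25519 host key present, public key pasted into root_key, key folder not left over from an earlier run), written as a pre-flight check to run before mkinitcpio. This is an added example, not part of the original posts or of mkinitcpio-tinyssh. The function name is hypothetical, the key folder path is passed in by the caller because the thread does not name it, and the ed25519.pk file name inside that folder is an assumption about tinyssh's key directory layout.

```shell
#!/bin/sh
# Added example (not from the thread or the hook's own source).
# Usage: check_tinyssh_prereqs HOST_KEY ROOT_KEY KEYDIR
# Prints one finding per line and returns the number of problems found.
check_tinyssh_prereqs() {
    host_key=$1; root_key=$2; keydir=$3
    problems=0

    # Post #2: the hook copies the OpenSSH ed25519 host key, so it must exist.
    if [ ! -s "$host_key" ]; then
        echo "MISSING host key: $host_key (ssh-keygen -A creates it)"
        problems=$((problems + 1))
    fi

    # Post #1: root_key must hold the client's ed25519 *public* key.
    if [ ! -s "$root_key" ]; then
        echo "MISSING authorized key file: $root_key"
        problems=$((problems + 1))
    elif grep -q 'PRIVATE KEY' "$root_key"; then
        echo "PRIVATE key material in $root_key: paste the .pub file instead"
        problems=$((problems + 1))
    elif ! grep -q '^ssh-ed25519 [A-Za-z0-9+/=]\{1,\}' "$root_key"; then
        echo "NO ssh-ed25519 public key line in $root_key"
        problems=$((problems + 1))
    fi

    # Post #3: when the key folder already exists the hook does not add
    # keys again, so a folder without a converted key stays broken.
    # Assumption: a populated tinyssh key folder contains ed25519.pk.
    if [ -d "$keydir" ] && [ ! -s "$keydir/ed25519.pk" ]; then
        echo "STALE key folder: $keydir exists but has no ed25519.pk;" \
             "move it aside so the hook can recreate it"
        problems=$((problems + 1))
    fi

    return "$problems"
}

# Run the check when called as: script HOST_KEY ROOT_KEY KEYDIR
if [ "$#" -eq 3 ]; then
    check_tinyssh_prereqs "$@"
fi
```

A return value of 0 means none of the three conditions was detected; it does not prove that the keys inside an existing folder match the current host key.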
