Updated for Ubuntu 22.04
sudo apt update sudo apt -y upgrade sudo apt install -y busybox dropbear*
Create and add key
ssh-keygen -b 4096 -t rsa -f ~/luks_unlock_key -N=""
then add your public key (most of the time ~/.ssh/id_rsa.pub) in the file /etc/dropbear/initramfs/authorized_keys.
sudo cat ~/lucks_unlock_key.pub >> /etc/dropbear/initramfs/authorized_keys
or, if you need to do it as root:
sudo -i sudo echo "mypublickeydata" >> /etc/dropbear/initramfs/authorized_keys exit
Update config (optional)
sudo nano /etc/dropbear/initramfs/dropbear.conf
Add these options:
#DROPBEAR_OPTIONS="-I 180 –j –k –p 2222 -s" DROPBEAR_OPTIONS="-p 2222"
Set Static IP (optional)
sudo nano /etc/initramfs-tools/initramfs.conf
Update initramfs to take into account the changes: :
sudo update-initramfs -u -k all
if you want to avoid to have clash between the keys between dropbear and openssh (they share the same ip, but use a different key), you may want to put in your client ~/.ssh/config something like that:
Host <myserver>_luks_unlock User root Hostname <myserver-ip-or-hostname> # The next line is useful to avoid ssh conflict with IP HostKeyAlias <myserver>_luks_unlock Port 2222 #use the unlock port defined in the dropbear config above rather than the normal port defined in sshd config PreferredAuthentications publickey IdentityFile /path/to/id_rsa Host <myserver> User <normalusername> Hostname <myserver-ip-or-hostname> Port 22 #use the normal port defined in sshd config PreferredAuthentications publickey IdentityFile /path/to/id_rsa
and once you get a prompt, type as suggested by the busybox text :