Install Dropbear on Ubuntu to decrypt LVM during boot

sudo apt install dropbear

Enable Dropbear on boot:

sudo nano /etc/initramfs-tools/initramfs.conf

Set BUSYBOX=y and add DROPBEAR=y

Generate host key. Change to root account for ease of handling.

cd /etc/dropbear-initramfs/
sudo su
/usr/lib/dropbear/dropbearconvert dropbear openssh dropbear_rsa_host_key id_rsa
dropbearkey -y -f dropbear_rsa_host_key | grep "^ssh-rsa " > id_rsa.pub
exit

Assume you have already set up OpenSSH server and sign-in with key. Copy authorized_keys to be used by Dropbear.

sudo cp ~/.ssh/authorized_keys /etc/dropbear-initramfs/

Make Dropbear start with system.

sudo nano /etc/default/dropbear

Set NO_START=0

Set Dropbear options.

sudo nano /etc/dropbear-initramfs/config

It is recommended to use another port rather the 22 using by OpenSSH-Server, since it will prompt you signature change every time.

DROPBEAR_OPTIONS="-p 220"

Update.

sudo update-initramfs -u

Disable Dropbear after boot.

sudo systemctl disable dropbear

It is said that if splash screen is used the UI will be blocked. So disable it.

sudo nano /etc/default/grub

Change to GRUB_CMDLINE_LINUX_DEFAULT="quiet"

Update.

sudo update-grub

Finished.

Ubuntu guide: Dropbear SSH server to unlock LUKS encrypted PC | Paolo Brocco Works

Subscribe to theMatrixDev

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
[email protected]
Subscribe