So I was able to find (what I believe to be) the error in the Kali 2018 instructions. Basically, it tells you what the authorized_keys (at sudo nano /etc/dropbear-initramfs/authorized_keys) should look like, but it doesn't tell you how to create and append your dropbear id_rsa keys.
Here is what I did (from https://github.com/chadoe/luks-triple-unlock/blob/master/install.sh):
Code:
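# Creates the dropbear key pair: id_rsa (private) and id_rsa.pub (public)
ssh-keygen -t rsa -N '' -f /etc/dropbear-initramfs/id_rsa
# -f names the private key file, so the public key is written next to it as id_rsa.pub
cat /etc/dropbear-initramfs/id_rsa.pub >> /etc/dropbear-initramfs/authorized_keys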
After I did that and completed the rest of the instructions, I can ssh in to the encrypted Pi and get it to boot using dropbear, but only from within the same network, using:
Code:
ssh -o "UserKnownHostsFile /dev/null" root@10.2.2.4
or (after copying the private keys from the Pi's dropbear to the client at ~/.ssh/):
Code:
ssh -i /home/root/.ssh/id_rsa root@10.2.2.4
What I can't do, and want to do, is be able to remote in at the dropbear boot stage from a different or remote network, like:
Code:
ssh -o "UserKnownHostsFile /dev/null" root@host.no-ip.org -p 5555
I have ssh set up so that if the Pi is already booted and past the encryption, I can access the Pi from a different network using:
Code:
ssh -X root@host.no-ip.org -p 5555
So I don't get why ssh works for the Pi remotely after boot using the same port, but does not work for the Pi remotely before boot, during the dropbear stage.