DropBear on Kali Linux Raspberry Pi SSH Error: root@ Permission denied (publickey)

[TheRoark]

I am trying to set up an encrypted Raspberry Pi running Kali with the capability of remote SSH in case it stalls/reboots/etc (as described here). The Kali running on an encrypted partition works fine as long as I can locally log in. But when trying to login using SSH via DropBear as per the Kali instructions:

root@kali:~# ssh-o"UserKnownHostsFile /dev/null" root@10.42.42.94

I get:

root@10.42.42.94: Permission denied (publickey)

I found a bug report that suggests it has to with the DropBear script, so I tried:

Code:
nano /usr/share/initramfs-tools/hooks/dropbear
and replacedCode:
`home=$(mktemp -d "$DESTDIR/root-XXXXXX")`

with

Code:
home="$DESTDIR/root"
mkdir -p $home


But the error persists.

Anyone able to help on this? Or someone have this working???

[TheRoark]

So I was able to find (what I believe to be) the error in the Kali 2018 instructions. Basically, it tells you what the authorized_keys (at sudo nano /etc/dropbear-initramfs/authorized_keys) should look like, but it doesn't tell you how to create and append your dropbear id_rsa keys.


Here is what I did (from htps://github.com/chadoe/luks-triple-unlock/blob/master/install.sh):

Code:

ssh-keygen -t rsa -N '' -f /etc/dropbear-initramfs/id_rsa   #creates the dropbear id_rsa keys
cat /etc/dropbear-initramfs/id_rsa/id_rsa.pub >> /etc/dropbear-initramfs/authorized_keys

After I did that and completed the rest of the instructions, I can ssh in to the encrypted Pi and get it to boot using dropbear, but only from within the same network, using:

Code:

ssh -o "UserKnownHostsFile /dev/null"  [email protected]

or (after copying the private keys from the Pi's dropbear to the client at ~/.ssh/):

Code:

ssh -i /home/root/.ssh/id_rsa [email protected]

What I can't do, and want to do, is be able to remote in at the dropbear boot stage from a different or remote network, like:

Code:

ssh -o "UserKnownHostsFile /dev/null"  [email protected] -p 5555

I have ssh set up so that if the Pi is already booted and past the encryption, I can access the Pi from a different network using:

Code:

ssh -X [email protected] -p 5555

So I don't get why ssh works for the Pi remotely after boot using the same port, but does not work for the Pi remotely before boot, during the dropbear stage.

[3dog]

Thanks @TheRoark, this was helpful to me:
Code:
ssh-keygen -t rsa -N '' -f /etc/dropbear-initramfs/id_rsa #creates the dropbear id_rsa keys
cat /etc/dropbear-initramfs/id_rsa/id_rsa.pub >> /etc/dropbear-initramfs/authorized_keys

[TheRoark]

Sure @3dog. Does anyone happen to know how to get this working from outside the network? That's the key issue at this point.