Results 1 to 4 of 4

Thread: DropBear on Kali Linux Raspberry Pi SSH Error: root@ Permission denied (publickey)

  1. #1
    Join Date
    2018-Aug
    Posts
    4

    DropBear on Kali Linux Raspberry Pi SSH Error: root@ Permission denied (publickey)

    I am trying to set up an encrypted Raspberry Pi running Kali with the capability of remote SSH in case it stalls/reboots/etc (as described here). The Kali running on an encrypted partition works fine as long as I can locally log in. But when trying to login using SSH via DropBear as per the Kali instructions:

    root@kali:~# ssh-o"UserKnownHostsFile /dev/null" root@10.42.42.94

    I get:

    root@10.42.42.94: Permission denied (publickey)

    I found a bug report that suggests it has to with the DropBear script, so I tried:

    Code:
    nano /usr/share/initramfs-tools/hooks/dropbear

    and replacedCode:
    `home=$(mktemp -d "$DESTDIR/root-XXXXXX")`


    with

    Code:
    home="$DESTDIR/root"
    mkdir -p $home


    But the error persists.

    Anyone able to help on this? Or someone have this working???

  2. #2
    Join Date
    2018-Aug
    Posts
    4
    So I was able to find (what I believe to be) the error in the Kali 2018 instructions. Basically, it tells you what the authorized_keys (at sudo nano /etc/dropbear-initramfs/authorized_keys) should look like, but it doesn't tell you how to create and append your dropbear id_rsa keys.


    Here is what I did (from htps://github.com/chadoe/luks-triple-unlock/blob/master/install.sh):
    Code:
    ssh-keygen -t rsa -N '' -f /etc/dropbear-initramfs/id_rsa   #creates the dropbear id_rsa keys
    cat /etc/dropbear-initramfs/id_rsa/id_rsa.pub >> /etc/dropbear-initramfs/authorized_keys

    After I did that and completed the rest of the instructions, I can ssh in to the encrypted Pi and get it to boot using dropbear, but only from within the same network, using:


    Code:
    ssh -o "UserKnownHostsFile /dev/null"  root@10.2.2.4

    or (after copying the private keys from the Pi's dropbear to the client at ~/.ssh/):


    Code:
    ssh -i /home/root/.ssh/id_rsa root@10.2.2.4

    What I can't do, and want to do, is be able to remote in at the dropbear boot stage from a different or remote network, like:


    Code:
    ssh -o "UserKnownHostsFile /dev/null"  root@host.no-ip.org -p 5555

    I have ssh set up so that if the Pi is already booted and past the encryption, I can access the Pi from a different network using:


    Code:
    ssh -X root@host.no-ip.org -p 5555

    So I don't get why ssh works for the Pi remotely after boot using the same port, but does not work for the Pi remotely before boot, during the dropbear stage.

  3. #3
    Join Date
    2018-Aug
    Posts
    3
    Thanks @TheRoark, this was helpful to me:
    Code:
    ssh-keygen -t rsa -N '' -f /etc/dropbear-initramfs/id_rsa #creates the dropbear id_rsa keys
    cat /etc/dropbear-initramfs/id_rsa/id_rsa.pub >> /etc/dropbear-initramfs/authorized_keys

  4. #4
    Join Date
    2018-Aug
    Posts
    4
    Sure @3dog. Does anyone happen to know how to get this working from outside the network? That's the key issue at this point.

Similar Threads

  1. Permission Denied error
    By MichaelKali in forum General Archive
    Replies: 2
    Last Post: 2016-01-01, 20:05

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •