Score:0

How do I get logs from my dropbear-initramfs SSH host?


I use dropbear-initramfs (like this) to decrypt the root drive on my Ubuntu 20.04.3 headless server. Recently the server was abruptly powered off (power went out I think?) and now the dropbear SSH server rejects my public key.

I can successfully connect a keyboard and monitor and type in my decryption key, and I can reach the full SSH server after that, but then I still have the same issue with the public key. I've checked /etc/dropbear-initramfs/{authorized_keys,config}, but everything seems as it should be.

I'd like to see what's happening from the dropbear SSH side, but I don't know how to view the logs. Any ideas?

UPDATE:

I've run `sudo lsinitramfs /boot/initrd.img-5.4.0-90-generic`, which gives me something interesting:

```
...
etc/dropbear  # no etc/dropbear/authorized_keys!
etc/dropbear/config
etc/dropbear/dropbear_dss_host_key
etc/dropbear/dropbear_ecdsa_host_key
etc/dropbear/dropbear_rsa_host_key
...
root-IEiu10  # what is this folder and why is authorized_keys here?
root-IEiu10/.ssh
root-IEiu10/.ssh/authorized_keys
```

UPDATE2: I think my issue is related to this.

Nikita Kipriyanov
What does "rejects public key" mean? What exactly is going on? // As for initramfs logging, read here: https://wiki.debian.org/InitramfsDebug#Saving_debug_information .
Kyle
I mean that usually I SSH into the dropbear and use public key authentication, but now I get `Permission denied (publickey).`
Nikita Kipriyanov
Are you able to check it is o.k. while in the initramfs shell, or, at least, unpack the initramfs and see inside (lsinitramfs or, better, actually unpack the cpio archive)? I.e. to confirm whether the initramfs build script actually put things inside as expected.
Score:2

After running through several rabbit holes, I finally found this post describing how newer SSH clients are starting to disable `ssh-rsa` authentication. Turns out that the solution was to temporarily add `PubkeyAcceptedKeyTypes +ssh-rsa` to my SSH config for this server. The long-term solution is to update dropbear, but this works for now.

The strange root-XXXXX folder is as it should be apparently.
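
An added example, not part of the original answer: a client-side check for the mismatch described above, comparing the key types in the initramfs `authorized_keys` with the signature algorithms the local client accepts according to `ssh -G <host>`. The function names, result labels and sample data are constructed, and it assumes the server side only offers `ssh-rsa` signatures for RSA keys, as the answer implies.

```shell
#!/bin/sh
# Added diagnostic sketch; function names and sample data are constructed.

# Distinct key types in an authorized_keys file (an options field may precede the type).
key_types() {
    awk '!/^[ \t]*(#|$)/ {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/) { print $i; break }
    }' "$1" | sort -u
}

# Reads `ssh -G <host>` output on stdin (option name differs by OpenSSH version).
# Exit 0: ssh-rsa accepted; 1: not accepted; 2: option not present in the output.
client_accepts_ssh_rsa() {
    awk '$1 ~ /^pubkeyaccepted(keytypes|algorithms)$/ {
        seen = 1
        n = split($2, a, ",")
        for (i = 1; i <= n; i++) if (a[i] == "ssh-rsa") found = 1
    } END { exit (found ? 0 : (seen ? 1 : 2)) }'
}

# $1 = authorized_keys file, $2 = file holding saved `ssh -G <host>` output
diagnose() {
    types=$(key_types "$1")
    rc=0; client_accepts_ssh_rsa < "$2" || rc=$?
    if [ "$rc" -eq 2 ]; then echo "unknown"
    elif [ "$types" = "ssh-rsa" ] && [ "$rc" -eq 1 ]; then echo "mismatch"
    else echo "ok"
    fi
}

demo=$(mktemp -d)
# Constructed authorized_keys entry (key material is a placeholder, not a real key).
printf '%s\n' '# unlock key' \
    'no-port-forwarding,no-pty ssh-rsa AAAAB3PLACEHOLDER user@example' > "$demo/authorized_keys"
# Constructed excerpts of `ssh -G` output: default client, then with the override applied.
printf '%s\n' 'pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256' > "$demo/default"
printf '%s\n' 'pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa' > "$demo/override"
echo "default client: $(diagnose "$demo/authorized_keys" "$demo/default")"
echo "with +ssh-rsa:  $(diagnose "$demo/authorized_keys" "$demo/override")"
```

On a real system the two inputs would be `/etc/dropbear-initramfs/authorized_keys` and the saved output of `ssh -G` for the unlock host; keeping the override inside a `Host` block for that one server leaves `ssh-rsa` disabled everywhere else.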
