From 7eb3bb228f1bc4f4bd3422955f7c4f6cd46495ad Mon Sep 17 00:00:00 2001
From: lub
Date: Mon, 1 Nov 2021 15:37:09 +0100
Subject: [PATCH] only use rsa keys for dropbear
---
 README.md | 3 ++-
 authorized_keys_dropbear/lub | 1 +
 post-debootstrap-installer.sh | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)
 create mode 100644 authorized_keys_dropbear/lub
diff --git a/README.md b/README.md
index ed87fbc..681a2af 100644
--- a/README.md
+++ b/README.md
@@ -34,4 +34,5 @@ Templates (`hardware/*`) consist of three files:
 `config/*` gets copied to the chroot and contains static config files
-`authorized_keys/*` is used to create the users and populate their respective `~/.ssh/authorized_keys`
\ No newline at end of file
+`authorized_keys/*` is used to create the users and populate their respective `~/.ssh/authorized_keys`
+`authorized_keys_dropbear/*` is allowed to login for fde unlocking. No ed25519 keys supported.`
diff --git a/authorized_keys_dropbear/lub b/authorized_keys_dropbear/lub
new file mode 100644
index 0000000..bfb7b05
--- /dev/null
+++ b/authorized_keys_dropbear/lub
@@ -0,0 +1 @@
+ssh-rsa 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 lub
diff --git a/post-debootstrap-installer.sh b/post-debootstrap-installer.sh
index 0c00a19..82fe0f5 100755
--- a/post-debootstrap-installer.sh
+++ b/post-debootstrap-installer.sh
@@ -33,7 +33,7 @@ apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-conf
 mdadm --examine --scan | perl -pe 's/.*\/dev\/md\/?([0-9]+) .*UUID\=(.+?) .*/ARRAY \/dev\/md$1 UUID=$2/' > /etc/mdadm/mdadm.conf
 # concat user keys for cryptsetup unlocking at boot
-cat /hardware-setup/authorized_keys/* > /etc/dropbear-initramfs/authorized_keys
+cat /hardware-setup/authorized_keys_dropbear/* > /etc/dropbear-initramfs/authorized_keys
 # install grub
 if [ -d /sys/firmware/efi ]; then
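Review bot: An empty or missing `authorized_keys_dropbear/` leaves the full-disk-encrypted host with no remote unlock key, because on the new `cat /hardware-setup/authorized_keys_dropbear/* > /etc/dropbear-initramfs/authorized_keys` line in post-debootstrap-installer.sh the redirection truncates the target before `cat` runs and an unmatched glob produces an empty file. Whether the script stops on that failure depends on a `set -e` that is not visible in this hunk, so I would check explicitly right after the line: `[ -s /etc/dropbear-initramfs/authorized_keys ] || { echo "no dropbear unlock keys installed" >&2; exit 1; }`. `cat` also joins a key file that lacks a trailing newline with the next key, which invalidates both entries; a comment stating that each file must end with a newline would help. Keys accepted by dropbear in the initramfs typically get an unrestricted pre-boot shell, so consider prefixing the entries under `authorized_keys_dropbear/` with key options such as `no-port-forwarding,command="/bin/cryptroot-unlock"` to limit them to unlocking.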