There are many options available, but a minimal install of DropBear is relatively simple:
- Install the package:
apt install dropbear-initramfs
Add public keys to /etc/dropbear-initramfs/authorized_keys or /etc/dropbear/initramfs/authorized_keys on Debian 12 or other distributions.
Check the folder name using dpkg -L dropbear-initramfs. This was changed in/since dropbear (2020.81-4).
Add networking set-up to /etc/initramfs-tools/initramfs.conf (See kernel.org for details.)
- Model:
ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf>:<dns0-ip>:<dns1-ip>:<ntp0-ip>
- Example of static IP:
IP=10.0.0.123::10.0.0.1:255.255.255.0:my.host.name:eth0:off
- It's simpler with DHCP:
IP=:::::eth0:dhcp
- Model:
Update the SSH port if needed in /etc/dropbear/initramfs/dropbear.conf by setting DROPBEAR_OPTIONS="-p 2222". See man dropbear(8) for more options.
- Convert public keys to PEM so dropbear can use them - OpenSSH seems okay reading them as well:
ssh-keygen -m PEM -p -f /etc/ssh/ssh_host_ecdsa_key ssh-keygen -m PEM -p -f /etc/ssh/ssh_host_rsa_key
Convert the resulting PEM files into dropbear format, in /etc/dropbear/initramfs/
dropbearconvert openssh dropbear /etc/ssh/ssh_host_ecdsa_key /etc/dropbear/initramfs/dropbear_ecdsa_host_key dropbearconvert openssh dropbear /etc/ssh/ssh_host_rsa_key /etc/dropbear/initramfs/dropbear_rsa_host_key
Update your initramfs: update-initramfs -c -k all