You can use an inventory file with multiple hosts to run this against multiple targets: Ansible to the rescue! I’ll show you how to setup a simple play that will deploy these changes to one host. This last step is what rebuilds your initramfs image and it will now include dropbear with new kernels.īut what if you have to do this on many machines? This setup could take you a while to do manually. The final step is to rebuild your initramfs image so that it now includes dropbear:
Paste the key into the open file, then save and quit. Sudo nano /etc/dropbear-initramfs/authorized_keys Then simply copy the key to another terminal window on the dropbear target host and edit the file: Your keys will be found in ~/.ssh/ you can easily copy your public key by viewing the file ~/.ssh/id_rsa.pub (on a trusted machine – preferably an SSH jumphost or other trusted SSH host) If you already have ssh keys generated, you can simply copy your public key DO NOT copy your private key! To generate ssh keys: You need to generate ssh keys and copy your public key to the authorized hosts file on the dropbear config folder.
Once you have changed the file in this way, there is one more thing to do. The -I 120 option sets dropbear to disconnect if the session is idle for more than 120 seconds. What this line does is configure dropbear to spawn and listen for connections on TCP port 222. When you open the file for editing, you’ll want to add this line to the file, then save and close: Once you install this package, here’s how you configure it: This will also work even if you update your kernel so not to worry. This package allows your system to rebuild the initramfs with a dropbear SSH listener. You can install the needed package via apt as follows: Your entire system drive is LUKs encrypted (likely required by your corporate policy). So let’s say for this example, you’re running either Debian or Ubuntu Linux. But what if the host has entire disk encryption such as LUKs and intended for remote users? If you ever needed to reboot the host, you would have to physically be present at the local console to enter the LUKs passphrase! Can’t make it into the office to unlock that drive? You’re SCREWED! Well, not when you setup dropbear SSH and SSH public key authentication! Dropbear to the rescue! Read on! The Solution Working with one or a fleet of LUKs encrypted Linux machines, it may be necessary to do a remote reboot (as might be the case when you’re using the machine remotely).
0 kommentar(er)
