Dropbear doesn't seem to work correctly on skwotmail yet (2022-06-14). Maybe after upgrading Ubuntu?


Unlock disks

To unlock skwotmail's disks, one can either use the virtual console or Dropbear.

Dropbear is a tiny SSH server that can be included in the initramfs, so that disks can be unlocked over SSH before the actual system has started.

  • Connect using ssh as usual but add an option to specify where ssh will look for known hosts:
    • $ ssh -oUserKnownHostsFile=/tmp/ukh-skwotmail skwotmail
  • The key fingerprints will thus be unknown to ssh, so it will ask for confirmation. The expected fingerprints are:
    • RSA Fingerprint: md5 fb:19:67:8f:af:35:40:b2:3e:04:38:4d:aa:e5:1b:6a
    • DSA/DSS Fingerprint: md5 0d:ee:f6:36:6a:3b:e0:c4:c0:a3:c7:f0:95:ac:b1:34
    • ECDSA Fingerprint: md5 a6:40:33:df:87:d9:63:f7:26:c2:d3:58:c6:84:32:15
  • Unlock disk with passphrase
  • Let it boot for a minute, then connect to skwotmail normally
  • Check that Zimbra is correctly running:
    • # su - zimbra -c 'zmcontrol status'

Add an ssh key to dropbear

Dropbear doesn't know about ed25519 keys, so it's recommended to use RSA instead.

  • Add a line in /etc/initramfs-tools/etc/dropbear/authorized_keys
  • Make sure there is a comment that states who this key belongs to
  • Update initramfs:
    • # update-initramfs -u
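
A check to run before update-initramfs, given as an added example (not part of the original page or of the dropbear-initramfs package): it flags entries that are not ssh-rsa and entries with no owner comment. The function name check_dropbear_keys and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lint the authorized_keys file that goes into the initramfs.
# check_dropbear_keys is a hypothetical helper name chosen for this example.
check_dropbear_keys() {
    # $1: path to the authorized_keys file
    # Prints one line per problem; returns 1 if any problem was found.
    awk '
    BEGIN { bad = 0 }
    /^[ \t]*(#|$)/ { next }                  # skip comment and blank lines
    {
        type = ""; idx = 0
        # The key type is the first field that looks like one; a field
        # before it is an options field (e.g. no-port-forwarding).
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+|sk-[a-z0-9@.-]+)$/) {
                type = $i; idx = i; break
            }
        if (type == "") {
            printf "line %d: no key type found\n", NR; bad = 1; next
        }
        if (type != "ssh-rsa") {
            printf "line %d: %s key, use ssh-rsa\n", NR, type; bad = 1
        }
        # Fields after the key blob (idx + 1) form the owner comment.
        if (idx + 2 > NF) {
            printf "line %d: no owner comment after the key\n", NR; bad = 1
        }
    }
    END { exit bad }
    ' "$1"
}

# Constructed sample file; the key blobs are placeholders, not real keys.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# admins allowed to unlock the disks
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCplaceholder1 alice@laptop
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIplaceholder2 bob@desktop
no-port-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCplaceholder3
EOF
check_dropbear_keys "$sample" || echo "fix the file before running update-initramfs -u"
rm -f "$sample"
```

On the server, call it as check_dropbear_keys /etc/initramfs-tools/etc/dropbear/authorized_keys.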