Register for your free account! | Forgot your password?

Go Back   elitepvpers > Off-Topics > Technical Support > Unix/Linux
You last visited: Today at 17:39

  • Please register to post and access all features, it's quick, easy and FREE!

Advertisement



LUKS Dropbear RPI Root Encryption Error: Permission denied (publickey).

Discussion on LUKS Dropbear RPI Root Encryption Error: Permission denied (publickey). within the Unix/Linux forum part of the Technical Support category.

Reply
 
Old   #1
 
Waller66's Avatar
 
elite*gold: 0
Join Date: Nov 2010
Posts: 1,548
Received Thanks: 333
Thumbs up [solved] LUKS Dropbear RPI Root Encryption Error: Permission denied (publickey).

Which format has a dropbear ssh file?
I get this:
Warning: Permanently added '192.168.1.199' (ECDSA) to the list of known hosts.
Load key "/root/.ssh/remote_dropbear_id_rsa": invalid format

solution:

/usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear/dropbear_rsa_host_key /etc/dropbear/ssh_host_rsa_key

dropbearkey -y -f /etc/dropbear/dropbear_rsa_host_key | grep "^ssh-rsa " >> authorized_keys
dropbearkey -y -f /etc/dropbear/dropbear_rsa_host_key | grep "^ssh-rsa" > /etc/dropbear-initramfs/authorized_keys

scp [email protected]:/etc/dropbear/ssh_host_rsa_key ~/.ssh/remote_dropbear_id_rsa
ssh -i "~/.ssh/remote_dropbear_id_rsa" [email protected]




Hello please help me which steps i have to do for being able to connect later over ssh to the dropbear server (rpi).
After encryption of root directory i get after login

Warning: Permanently added '192.168.1.199' (ECDSA) to the list of known hosts.
Load key "/root/.ssh/remote_dropbear_id_rsa": invalid format
[email protected]: Permission denied (publickey).



why is the key format invailid ? i just used the generated one from dropbear install in the directory /etc/dropbear/



i tried following tuts:




tried images:
kali-linux-2018.4-rpi3-nexmon.img
kali-linux-2018.4a-rpi3-nexmon-64.img

i once used raspbian and i would prefer to do so later,
i just want the encryption of root to provide from there keys for external storage for my cloud server running on the rpi
Waller66 is offline  
Old 12/02/2018, 10:21   #2


 
SchlitzAugenSchlitzer's Avatar
 
elite*gold: 121
Join Date: Jan 2015
Posts: 1,269
Received Thanks: 509
I have no clue about linux, but does it maybe pull the public keys instead of the private keys?
SchlitzAugenSchlitzer is offline  
Thanks
1 User
Old 12/02/2018, 14:50   #3
 
Der-Eddy's Avatar
 
elite*gold: 400
Join Date: Nov 2008
Posts: 67,909
Received Thanks: 19,503
Quote:
Originally Posted by SchlitzAugenSchlitzer View Post
I have no clue about linux, but does it maybe pull the public keys instead of the private keys?
Looks like it
the public key should have the suffix .pub

you need to transfer the public key into your authorized_keys file
Der-Eddy is offline  
Thanks
1 User
Old 12/02/2018, 16:34   #4
 
Waller66's Avatar
 
elite*gold: 0
Join Date: Nov 2010
Posts: 1,548
Received Thanks: 333
vielen dank, habe echt noch nie mit ssh gearbeitet und hangel mich nur durch die diversesten internet beiträge, ich prüfe mal

root@kali:/etc/dropbear# ls
dropbear_dss_host_key dropbear_ecdsa_host_key dropbear_rsa_host_key log run

there is no .pub key generated

server side:
dropbearkey -y -f /etc/dropbear/dropbear_rsa_host_key | grep "^ssh-rsa" > /etc/dropbear-initramfs/authorized_keys
only with original keyfile no error with id_rsa and id_rsa.pub string to long, i guess u just use id_rsa and export the public key it isnt working so i guess i have to convert the keyfile

root@pc:~# ssh -o "UserKnownHostsFile=/etc/dropbear/dropbear_rsa_host_key" -i "~/.ssh/remote_dropbear_id_rsa" [email protected]
[MENTION=598592 [MENTION=476870 [MENTION=3375833 [MENTION=751512 @[/MENTION][/MENTION][/MENTION][/MENTION] [MENTION=598592 [MENTION=476870 [MENTION=3375833 [MENTION=751512 @[/MENTION][/MENTION][/MENTION][/MENTION] [MENTION=598592 [MENTION=476870 [MENTION=3375833 [MENTION=751512 @[/MENTION][/MENTION][/MENTION][/MENTION] [MENTION=598592 [MENTION=476870 [MENTION=3375833 [MENTION=751512 @[/MENTION][/MENTION][/MENTION][/MENTION] [MENTION=598592 [MENTION=476870 [MENTION=3375833 [MENTION=751512 @[/MENTION][/MENTION][/MENTION][/MENTION] [MENTION=598592 [MENTION=476870 [MENTION=3375833 [MENTION=751512 @[/MENTION][/MENTION][/MENTION][/MENTION [MENTION=3375833 [MENTION=751512 @[/MENTION][/MENTION]
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
[MENTION=598592 [MENTION=476870 [MENTION=3375833 [MENTION=751512 @[/MENTION][/MENTION][/MENTION][/MENTION] [MENTION=598592 [MENTION=476870 [MENTION=3375833 [MENTION=751512 @[/MENTION][/MENTION][/MENTION][/MENTION] [MENTION=598592 [MENTION=476870 [MENTION=3375833 [MENTION=751512 @[/MENTION][/MENTION][/MENTION][/MENTION] [MENTION=598592 [MENTION=476870 [MENTION=3375833 [MENTION=751512 @[/MENTION][/MENTION][/MENTION][/MENTION] [MENTION=598592 [MENTION=476870 [MENTION=3375833 [MENTION=751512 @[/MENTION][/MENTION][/MENTION][/MENTION] [MENTION=598592 [MENTION=476870 [MENTION=3375833 [MENTION=751512 @[/MENTION][/MENTION][/MENTION][/MENTION [MENTION=3375833 [MENTION=751512 @[/MENTION][/MENTION]
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:zA+QC/UCaKowl+nNlKWpC1ZkwNjs+GqOsR0A4SIkK1c.
Please contact your system administrator.
Add correct host key in /etc/dropbear/dropbear_rsa_host_key to get rid of this message.
Offending ECDSA key in /etc/dropbear/dropbear_rsa_host_key:4
remove with:
ssh-keygen -f "/etc/dropbear/dropbear_rsa_host_key" -R "192.168.1.199"
ECDSA host key for 192.168.1.199 has changed and you have requested strict checking.
Host key verification failed.


root@pc:~# ssh -i "~/.ssh/remote_dropbear_id_rsa" [email protected]
Load key "/root/.ssh/remote_dropbear_id_rsa": invalid format
[email protected]: Permission denied (publickey).
Waller66 is offline  
Old 12/02/2018, 19:20   #5
 
Der-Eddy's Avatar
 
elite*gold: 400
Join Date: Nov 2008
Posts: 67,909
Received Thanks: 19,503
out of curiosity, gibt es eigentlich einen Grund warum du Dropbear nutzt? OpenSSH ist nicht nur vor installiert, sondern verbraucht fast kaum mehr Leistung, nur auf einem Raspberry Pi Zero würde es sich vielleicht lohnen
die oben beschriebene Public Key Authentifizierung gibt es genauso auch unter OpenSSH

aber um das mal aufzuschlüsseln (haha):
- Hast du bereits einen RSA/SSH Schlüssel? In dem Fall kannst du diesen für dein Vorhaben wieder verwenden (meistens zu finden unter ~/.ssh/id_rsa bzw. ~/.ssh/id_rsa.pub)
- Wenn du keinen hast, erstellst du dir einen auf deinem Home System über ssh-keygen
- Den Public Key kannst du über ssh-copy-id auf einen Server übertragen
- Wenn jetzt bei dir der gpg-agent läuft mit dem passenden private key eingehängt, kannst du dich über SSH mit diesem anmelden
Der-Eddy is offline  
Thanks
1 User
Old 12/02/2018, 19:47   #6
 
Waller66's Avatar
 
elite*gold: 0
Join Date: Nov 2010
Posts: 1,548
Received Thanks: 333
Ich will mit dropear die sd karte entschlüsseln über ssh
habe den public key soweit exportiert und lässt sich soweit nutzen aber nachdem reboot kommt das:

root@pc:~# ssh -i "~/.ssh/remote_dropbear_id_rsa" [email protected]
The authenticity of host '192.168.1.199 (192.168.1.199)' can't be established.
ECDSA key fingerprint is SHA256:zA+QC/UCaKowl+nNlKWpC1ZkwNjs+GqOsR0A4SIkK1c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.199' (ECDSA) to the list of known hosts.
Load key "/root/.ssh/remote_dropbear_id_rsa": invalid format
[email protected]: Permission denied (publickey).


habe aber mit

root@kali:/etc/dropbear# dropbearkey -y -f dropbear_rsa_host_key dropbear_rsa_publickey.pub
export funkt nicht habe aber return value also .pub key gespeichert und zu meinem pc übertragen und nun kommt der fehler wie oben angezeigt
root@pc:~# nano /root/.ssh/remote_dropbear_id_rsa
ssh-rsa AABAB3NzaC1yc2EAAAADAQABAAABAQCTf5rNHAgh2IYPb7Tal0 FrSTxkMkrjtIXHQsK0mzhmxELGzunj0VxAXE$

vor dem reboot ging der ssh connect über diesen befehl:
ssh -o "UserKnownHostsFile=/etc/dropbear/dropbear_rsa_host_key" -i "~/.ssh/remote_dropbear_id_rsa" [email protected]

nach dem reboot muss ich einmal
ssh-keygen " -R "192.168.1.199"
ausführen um reconnecten zu können aber danach geht nix mehr und führt zu dem error oben


last stauts

ssh -o "UserKnownHostsFile=/etc/dropbear-initramfs/authorized_keys" -i "~/.ssh/remote_dropbear_id_ecdsa" [email protected]


Permissions 0555 for '/root/.ssh/remote_dropbear_id_ecdsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/root/.ssh/remote_dropbear_id_ecdsa": bad permissions
[email protected]: Permission denied (publickey).

solved over chmod 600 ~/.ssh/remote_dropbear_id_ecdsa

still getting connection error Permission denied (publickey).

maybe i have to use these keys? but i cant find the directory
root@kali:~# lsinitramfs /boot/initramfs.gz | grep cryptsetup
root@kali:~# lsinitramfs /boot/initramfs.gz | grep authorized
root-Ilip7P/.ssh/authorized_keys

what i dont get at all which format does the public and private key have.

Generating Dropbear RSA host key. Please wait.
Generating 2048 bit rsa key, this may take a while...
2048 SHA256:It01Ls4mbIT2SNWs+owCBB9QANH0lUeIfl3ZGi8yEsY root@kali (RSA)
+---[RSA 2048]----+
|*Bo o.+. o |
|. o...Eo. + . |
|.. o...+o.o+ |
| .. .+oo+oo.. |
|. =.=.So.. |
|. o B + . |
| . o = + |
| . = o |
| .. o |
+----[SHA256]-----+ install generated key



dropbearkey -y -f /etc/dropbear/dropbear_rsa_host_key2
Public key portion is:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCGTBzfJdTnGbgieyuhRR tkn+Jirc6t8K8I0HKbclw7SbQc7hrKF716VGvmNhylPjljbK0x 0hWgcJpdNGYy7w6vSwXtfDhR1oPFt/ltAkMxmvXeHy3BCfV6JRXDe8DdpyqnB5KY2uoRhXFocYNx2yDm 4qslVKxpcx1QXBQ/3/DjZ45Kd2E8efNmIpUOoxheQFgP2rumZqUpWWazD2vdsCWjy42T oQrVBek7uuBWUohlc0AX1KpyBW8uJIdSmCOWpuENp0XRBdRIA6 N7xBBXsAWmxnVxZGQIVP6fNOh3Arl6hCSsaAQk931j9usCy8ex GO3QUqL4apu1dYHpJoyIBRD7 root@kali

Which format has a dropbear ssh file?
I get this:
Warning: Permanently added '192.168.1.199' (ECDSA) to the list of known hosts.
Load key "/root/.ssh/remote_dropbear_id_rsa": invalid format


what does the file have to look like?
Waller66 is offline  
Reply


Similar Threads Similar Threads
ERROR: Starting Database .. start.sh: ./db: Permission denied
07/06/2014 - Metin2 PServer Guides & Strategies - 9 Replies
Hello. I have this Error when i try starting my root server this is the Error: Starting Database .. start.sh: ./db: Permission denied Starting Auth ..
ERROR: Starting Database .. start.sh: ./db: Permission denied
02/14/2012 - Metin2 Private Server - 0 Replies
Hello. I have this Error when i try starting my root server this is the Error: Starting Database .. start.sh: ./db: Permission denied Starting Auth ..
Permission denied error after opening the game (Help)
01/10/2012 - Metin2 Private Server - 3 Replies
Permission denied error after opening the game What could be the reason for this is ? screenshot: http://d1201.hizliresim.com/t/b/1q0gs.jpg http://d1201.hizliresim.com/t/b/1q0gs.jpg
starting root = permission denied
09/07/2010 - Metin2 Private Server - 7 Replies
http://i55.tinypic.com/i449ll.jpg grant all to root or what?? what its the problem here ^^?
Permission Denied. Root
06/10/2010 - Metin2 Private Server - 4 Replies
Hey, wenn ich versuche PHP zu installieren auf Root kommt dieser Fehler: /usr/ports/graphics/php5-gd: Permission denied. Ist doch Fehler mit 777 oder? Was muss ich da machen`? MFG



All times are GMT +1. The time now is 17:39.


Powered by vBulletin®
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Support | Contact Us | FAQ | Advertising | Privacy Policy | Terms of Service | Abuse
Copyright ©2024 elitepvpers All Rights Reserved.