Hello everyone,
First-time post -- i.e. I'm finally at wit's end with dropbear.
Just wondering if anyone out there has some experience trying to do what I'm trying to do here.
Just for background: I want to prepare my Pi for co-location and I would like to secure it enough so that sending it off to the colo isn't the equivalent of sending them my passwords with a big red ribbon on them. I do know that given time, and physical access, it's pretty much a lost cause trying to protect one's data. HOWEVER, I'd like to devise something that at least makes it difficult and time-consuming to get at it.
With that said, here's what I've accomplished so far: LUKS encrypted root partition that can be unlocked either at the console or via ssh (dropbear). All of this I have working. I even have it so that during the init phase, the Pi calls home and asks for the unlock password, which my home PC provides, and then the Pi unlocks the root partition and continues booting.
I used the dropbear_initrd_encrypt package from AUR to get the automatic root unlocking going.
Okay, so here's what I'm trying to do: I'd like to substitute the keys that dropbear uses for authentication at runtime. That is, I'd like to remove all the keys that were generated based on /etc/dropbear/root_key during the build of the initramfs, and replace them at runtime with a new key, which is the actual "good" key to log in with.
I've tried every permutation of this scheme and I can't get it to authenticate properly. I've gone over everything with a fine-tooth comb and can't figure out what's going on. It totally looks like the key is getting moved properly and the permissions on it look good. It even looks like dropbear is actually using the host_key you're telling it to use, but then authentication fails.
I've tried invoking dropbear with -R and -r and neither of them seems to make a difference.
Here's what I think I should be able to do (and what the documentation seems to be telling me):
1. Create my initramfs with a bogus/corrupt "/etc/dropbear/root_key" file.
2. In an install hook I make sure a good key is deposited at, say, /tmp/good_key
3. So I end up with 3 useless host_key files in /etc/dropbear and a good key in /tmp/good_key.
4. Launch dropbear: /sbin/dropbear -r /tmp/good_key
It launches fine, no error messages. But when it comes time to ssh in, authentication fails.
Not only that but all kinds of other things I've tried (and tried) flat-out don't work.
What's really confusing and annoying is that if you leave /etc/dropbear populated with good keys and then invoke dropbear using the alternate key (dropbear -r /tmp/good_key), I can authenticate. Then you go and corrupt the keys in /etc/dropbear, try invoking it with -r /tmp/good_key again, and no go. It's as if it lets you think it's using the key you're telling it to use but then silently falls back and uses the ones in /etc/dropbear.
Everything else about setting this Pi up has been really quite smooth. I just can't seem to get over this hump though and it's driving me CRAZY!!
Hoping against hope that someone out there can show me what stupid thing I'm doing wrong.
Sorry for the length, thanks for reading,
Rob
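As an added example that is not part of the original post (nor code from dropbear or the dropbear_initrd_encrypt package): a shell check for the two key files an initramfs dropbear consults, the host key named with -r and the authorized key that root_key becomes when the image is built. It assumes the package's hook installs /etc/dropbear/root_key as the initramfs root's authorized_keys, and the file names and sample keys are constructed.

```shell
#!/bin/sh
# Added example, not code from the original post or from dropbear_initrd_encrypt.
# Dropbear reads two unrelated key files; "authentication failed" points at the second:
#   host key       : the file named with "dropbear -r FILE"; a wrong or changed one
#                    shows on the client as a host-key mismatch, never as an auth failure
#   authorized key : the public key the client must prove it holds; the AUR hook copies
#                    /etc/dropbear/root_key into the initramfs as root's authorized_keys
#                    at image BUILD time (assumption), so whatever root_key held then counts

# Succeed only if every key line in FILE is a well-formed OpenSSH public key whose
# blob decodes to the type it declares (lines with a leading options field are reported
# as an unknown type).
check_authorized_keys() {
    file="$1"
    [ -r "$file" ] || { echo "unreadable: $file" >&2; return 1; }
    status=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        set -- $line                         # $1 = key type, $2 = base64 blob
        case "$1" in
            ssh-rsa|ssh-ed25519|ssh-dss|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
            *) echo "unknown key type: $1" >&2; status=1; continue ;;
        esac
        # a real blob begins with its own type name; a truncated or edited one does not
        if ! printf '%s' "$2" | base64 -d 2>/dev/null | grep -aq "$1"; then
            echo "corrupt key blob for $1" >&2; status=1
        fi
    done < "$file"
    return $status
}

# The file given to -r. Only dropbearkey understands dropbear's private-key format,
# so when it is not installed this degrades to an existence check.
check_host_key() {
    [ -s "$1" ] || { echo "missing or empty host key: $1" >&2; return 1; }
    if command -v dropbearkey >/dev/null 2>&1; then
        dropbearkey -y -f "$1" >/dev/null 2>&1
    fi
}

# Constructed sample input: a syntactically valid ed25519 public key (all-zero key
# bytes, so useless for login) next to the kind of bogus/corrupt line the post describes.
tmp=$(mktemp -d)
printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI%s rob@home\n' \
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA > "$tmp/good_root_key"
printf 'ssh-ed25519 THIS-IS-NOT-A-KEY\n' > "$tmp/bad_root_key"
check_authorized_keys "$tmp/good_root_key" && echo "good_root_key: ok"
check_authorized_keys "$tmp/bad_root_key"  || echo "bad_root_key: rejected"
rm -rf "$tmp"
```

Run it against the root_key file before building the image and against the key you hand to -r; a failure from the first check is the one that produces "authentication failed", a failure from the second only breaks host verification on the client.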