4 Commits
0.6-1 ... 0.9-1

Author SHA1 Message Date
Julien Coloos
c3cafcf6cd Try to print network devices information when interface setup fails
Useful to check interface names and MAC addresses.

v0.9-1
2021-10-24 17:56:16 +02:00
Julien Coloos
b3e9382f08 Example to convert existing OpenSSH key to PEM format 2021-08-15 23:07:37 +02:00
Julien Coloos
8ebd239c7a Include 'libgcc_s.so.1' for proper LUKS v2 support
v0.8-1
2021-08-15 22:58:32 +02:00
Julien Coloos
bc04382857 Drop 'dsa' and add 'ed25519' private key support
Update README: dropbearconvert requires OpenSSH keys in PEM format.

Changed installation script to rely on variables, especially the list of
handled private key types, so that it automatically packages expected
private keys, instead of having to explicitly name/package them.
2020-07-14 16:22:54 +02:00
5 changed files with 47 additions and 10 deletions


@@ -1,8 +1,27 @@
2021-10-24 Julien Coloos <julien.coloos [at] gmail [dot] com>
* v0.9-1
Try to print network devices information when interface setup fails
2021-08-15 Julien Coloos <julien.coloos [at] gmail [dot] com>
* v0.8-1
Include 'libgcc_s.so.1' which is necessary for (at least) proper LUKS v2 handling
2020-07-14 Julien Coloos <julien.coloos [at] gmail [dot] com>
* v0.7-1
Dropped 'dsa' private key support; added 'ed25519' private key support
2018-03-13 Julien Coloos <julien.coloos [at] gmail [dot] com> 2018-03-13 Julien Coloos <julien.coloos [at] gmail [dot] com>
* v0.6-1 * v0.6-1
Dropped '-m' option when calling dropbear (latest ArchLinux version does not handle it) Dropped '-m' option when calling dropbear (latest ArchLinux version does not handle it)
2017-06-25 Julien Coloos <julien.coloos [at] gmail [dot] com> 2017-06-25 Julien Coloos <julien.coloos [at] gmail [dot] com>
* v0.5-1 * v0.5-1
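Review bot: the 2021-10-24 (v0.9-1) entry in this hunk records only the network-devices diagnostic, but commit b3e9382f08 (2021-08-15 23:07, after the v0.8-1 tag, so part of this release) also changed the documented key-import workflow by adding the README note that `dropbearconvert` needs OpenSSH keys in PEM format; a one-line mention under v0.9-1 would help users who upgrade and find an existing host key is no longer imported.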


@@ -1,6 +1,6 @@
# Maintainer: Julien Coloos <julien.coloos [at] gmail [dot] com> # Maintainer: Julien Coloos <julien.coloos [at] gmail [dot] com>
pkgname=initrd-ssh-cryptsetup pkgname=initrd-ssh-cryptsetup
pkgver=0.6 pkgver=0.9
pkgrel=1 pkgrel=1
pkgdesc="Allows for LUKS-encrypted devices to be unlocked remotely over SSH" pkgdesc="Allows for LUKS-encrypted devices to be unlocked remotely over SSH"
arch=('any') arch=('any')
@@ -10,7 +10,7 @@ depends=('dropbear' 'cryptsetup' 'mkinitcpio-nfs-utils' 'iproute2')
install=$pkgname.install install=$pkgname.install
changelog='ChangeLog' changelog='ChangeLog'
source=("http://julien.coloos.free.fr/archlinux/$pkgname-$pkgver.tar.xz" "$pkgname.install") source=("http://julien.coloos.free.fr/archlinux/$pkgname-$pkgver.tar.xz" "$pkgname.install")
md5sums=('3fa8f5dd00a85b32025d01e5701e1407' md5sums=('c94a905ca91f7afe2c0f771bd5182cb2'
'ac60109d80e7bb2af0d66e69aaf178a6') 'ac60109d80e7bb2af0d66e69aaf178a6')
package() { package() {
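Review bot: the checksum array in this hunk stays `md5sums=` and the `source=` URL is plain `http://`, so the tarball is fetched without transport integrity and verified only with MD5, which is not collision-resistant. Since the same maintainer publishes both the tarball and the PKGBUILD, switching to `sha256sums=(...)` (or `b2sums=`) costs nothing (`makepkg -g` regenerates the values at each version bump), and the URL should be HTTPS if the host supports it.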


@@ -16,7 +16,13 @@ Either a new key can be generated with `dropbearkey`, e.g.:
Or an existing OpenSSH key can be converted with `dropbearconvert` (useful so that the server fingerprint is the same with both), e.g.: Or an existing OpenSSH key can be converted with `dropbearconvert` (useful so that the server fingerprint is the same with both), e.g.:
dropbearconvert openssh dropbear /etc/ssh/ssh_host_ecdsa_key /etc/dropbear/dropbear_ecdsa_host_key dropbearconvert openssh dropbear /etc/ssh/ssh_host_ecdsa_key /etc/dropbear/dropbear_ecdsa_host_key
Note: `rsa` and `dss` (`dsa` in OpenSSH) types are also handled. Notes:
* `rsa` and `ed25519` types are also handled
* OpenSSH keys must be in `PEM` format for `dropbearconvert` to properly work
If necessary an existing key file can be converted to `PEM` format using `ssh-keygen`:
ssh-keygen -A -p -m PEM -f /etc/ssh/ssh_host_ecdsa_key
## Configuration ## Configuration
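Review bot: the conversion command added in this hunk, `ssh-keygen -A -p -m PEM -f /etc/ssh/ssh_host_ecdsa_key`, does not do what the sentence above it says: `-A` is the "generate all missing host keys" mode (with `-f` taken as a path prefix for those files), and ssh-keygen exits after it, so the `-p -m PEM` rewrite of the named key never runs. Suggest `ssh-keygen -p -m PEM -N "" -f /etc/ssh/ssh_host_ecdsa_key` (`-N ""` keeps the key passphrase-less and avoids an interactive prompt), with a note to back the file up first because `-p` rewrites it in place. Also note that OpenSSH only ever stores ed25519 private keys in its native format (`-m PEM` has no effect on them), so the "must be in PEM format" bullet cannot apply to the `ed25519` type listed just above it; the notes should say which key types need the conversion.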
@@ -24,6 +30,7 @@ As explained upon installation, the following things need to be done:
* add the authorized SSH public key to `/etc/dropbear/initrd.authorized_keys` * add the authorized SSH public key to `/etc/dropbear/initrd.authorized_keys`
* add the `ip=` kernel command parameter to the bootloader configuration (see https://wiki.archlinux.org/index.php/Mkinitcpio#Using_net) * add the `ip=` kernel command parameter to the bootloader configuration (see https://wiki.archlinux.org/index.php/Mkinitcpio#Using_net)
- e.g. with `grub`: add `ip=:::::eth0:dhcp` to `GRUB_CMDLINE_LINUX_DEFAULT` in `/etc/default/grub`, and re-generate the configuration with `grub-mkconfig -o /boot/grub/grub.cfg` - e.g. with `grub`: add `ip=:::::eth0:dhcp` to `GRUB_CMDLINE_LINUX_DEFAULT` in `/etc/default/grub`, and re-generate the configuration with `grub-mkconfig -o /boot/grub/grub.cfg`
- also see https://git.kernel.org/pub/scm/libs/klibc/klibc.git/tree/usr/kinit/ipconfig/README.ipconfig
* in the `HOOKS` section of `/etc/mkinitcpio.conf`, add `ssh-cryptsetup` before `filesystems`; then rebuild the initramfs: `mkinitcpio -p linux` * in the `HOOKS` section of `/etc/mkinitcpio.conf`, add `ssh-cryptsetup` before `filesystems`; then rebuild the initramfs: `mkinitcpio -p linux`
- when using a non-standard keyboard layout, it is also useful to add the `keymap` hook before `ssh-cryptsetup`, and also move `keyboard` before `keymap` - when using a non-standard keyboard layout, it is also useful to add the `keymap` hook before `ssh-cryptsetup`, and also move `keyboard` before `keymap`
@@ -52,7 +59,7 @@ For example:
## Building notes ## Building notes
1. Modify the sources (features in `src`, and/or package building files) 1. Modify the sources (features in `src`, and/or package building files)
2. If `src` was modified 2. If `src` was modified
* archive the `src` folder in `$pkgname-$pkgver.tar.xz` file; e.g.: `tar -cJf initrd-ssh-cryptsetup-0.4.tar.xz src` * archive the `src` folder in `$pkgname-$pkgver.tar.xz` file; e.g.: `tar -cJf initrd-ssh-cryptsetup-0.9.tar.xz src`
* upload the archive on the online repository (pointed by `PKGBUILD`) * upload the archive on the online repository (pointed by `PKGBUILD`)
3. Update ChangeLog 3. Update ChangeLog
4. Update `PKGBUILD` 4. Update `PKGBUILD`


@@ -40,9 +40,12 @@ sshcs_net_start() {
echo "" echo ""
echo "Configuring IP (timeout = ${sshcs_opt_timeout_ipconfig}s) ..." echo "Configuring IP (timeout = ${sshcs_opt_timeout_ipconfig}s) ..."
# ipconfig manual: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/tree/usr/kinit/ipconfig/README.ipconfig
ipconfig_out=$(ipconfig -t "${sshcs_opt_timeout_ipconfig}" "ip=${ip}") ipconfig_out=$(ipconfig -t "${sshcs_opt_timeout_ipconfig}" "ip=${ip}")
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
err "IP configuration timeout!" err "IP configuration timeout!"
echo "Devices probing:"
ipconfig -n -t 5 -c none all
return 1 return 1
fi fi
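Review bot: in the failure branch of this hunk the output of the real attempt, captured in `ipconfig_out`, is never shown, so the user sees the timeout message and the device listing from the new probe but not what `ipconfig` itself reported for the `ip=` string; suggest an `echo "${ipconfig_out}"` (or passing it through `err`) before `echo "Devices probing:"`. The probe output also goes to stdout while the error goes through `err`; keeping both on the same stream keeps them together when the console is a serial line.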


@@ -32,7 +32,7 @@ build() {
local etc_crypttab="/etc/crypttab" local etc_crypttab="/etc/crypttab"
local dropbear_authorized_keys="/etc/dropbear/initrd.authorized_keys" local dropbear_authorized_keys="/etc/dropbear/initrd.authorized_keys"
local sshcs_env="/etc/initcpio/sshcs_env" local sshcs_env="/etc/initcpio/sshcs_env"
local dropbear_key_types=( "dss" "rsa" "ecdsa" ) local dropbear_key_types=( "rsa" "ecdsa" "ed25519" )
local dropbear_keyfile_prefix="/etc/dropbear/dropbear_" local dropbear_keyfile_prefix="/etc/dropbear/dropbear_"
local dropbear_keyfile_suffix="_host_key" local dropbear_keyfile_suffix="_host_key"
local openssh_keyfile_prefix="/etc/ssh/ssh_host_" local openssh_keyfile_prefix="/etc/ssh/ssh_host_"
@@ -53,6 +53,9 @@ build() {
sshcs_check_keys sshcs_check_keys
add_checked_modules "/drivers/net/" add_checked_modules "/drivers/net/"
# Note: parts of this script (modules/binaries added) are the same than the
# 'encrypt' install script (/usr/lib/initcpio/install/encrypt) which is the
# nominal one to deal with encrypted volumes at boot time.
add_module dm-crypt add_module dm-crypt
# Note: crypto modules are necessary # Note: crypto modules are necessary
if [ -n "${CRYPTO_MODULES}" ]; then if [ -n "${CRYPTO_MODULES}" ]; then
@@ -79,9 +82,9 @@ build() {
# SSH-related files # SSH-related files
add_file "${dropbear_authorized_keys}" "/root/.ssh/authorized_keys" add_file "${dropbear_authorized_keys}" "/root/.ssh/authorized_keys"
add_file "/etc/dropbear/dropbear_rsa_host_key" for keytype in "${dropbear_key_types[@]}"; do
add_file "/etc/dropbear/dropbear_dss_host_key" add_file "${dropbear_keyfile_prefix}${keytype}${dropbear_keyfile_suffix}"
add_file "/etc/dropbear/dropbear_ecdsa_host_key" done
# cryptsetup-related files # cryptsetup-related files
add_file "${etc_crypttab}" add_file "${etc_crypttab}"
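Review bot: the loop in this hunk copies every dropbear private host key into the initramfs image, so whoever can read the image can impersonate the pre-boot SSH server; a comment here (and a line in the install message) should say that the generated image under `/boot` must stay readable by root only, and the build should verify the image mode after `mkinitcpio` runs. Looping over `dropbear_key_types` also means a key type later removed from the array silently stops being packaged even if its file still exists, which is what happened to `dss` in this change; a short note next to the array would make that intentional.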
@@ -90,6 +93,11 @@ build() {
add_file "/usr/lib/udev/rules.d/95-dm-notify.rules" add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules" add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
# At least with LUKS v2 volumes, cryptsetup calls pthread_cancel(), which
# dlopen()s libgcc_s.so.1.
# See the nominal 'encrypt' module, and similar/related bug reports (e.g.
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950254).
add_binary "/usr/lib/libgcc_s.so.1"
add_runscript add_runscript
} }
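Review bot: `add_binary "/usr/lib/libgcc_s.so.1"` in this hunk hardcodes a file from the `gcc-libs` package, but the `depends=('dropbear' 'cryptsetup' 'mkinitcpio-nfs-utils' 'iproute2')` line visible in the PKGBUILD hunk header above does not list it; unless it is guaranteed as a transitive dependency, add `gcc-libs` to `depends=` so the build does not fail (or silently produce an image that cannot unlock LUKS v2) on a system where the library is absent. The comment explaining the `dlopen()` of libgcc_s by `pthread_cancel()` is good; consider also noting that `add_binary cryptsetup` cannot detect this dependency through the dynamic linker, which is why the explicit line is needed.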
@@ -113,8 +121,8 @@ initrd shell):
- default (and minimum value): 2 minutes - default (and minimum value): 2 minutes
- negative value to deactivate - negative value to deactivate
Each SSH server key ('dropbear_rsa_host_key', 'dropbear_dss_host_key' and Each SSH server key ('dropbear_rsa_host_key', 'dropbear_ecdsa_host_key' and
'dropbear_ecdsa_host_key' in '/etc/dropbear' folder) is imported from OpenSSH 'dropbear_ed25519_host_key' in '/etc/dropbear' folder) is imported from OpenSSH
if present or generated if missing. Fingerprints are displayed upon building if present or generated if missing. Fingerprints are displayed upon building
the initramfs image. the initramfs image.
EOF EOF