Follow up from https://lemmy.world/post/37310527
We did it gang, and we went even further to be able to enter the LUKS password from anywhere via Tailscale.
The general Dropbear info from the Debian wiki seems accurate though it included dropbearconvert usage that wasn’t mentioned elsewhere. Unsure if that was needed or not but I did it anyway.
I also referenced this guide. I especially enjoyed the -c cryptroot-unlock param to Dropbear so it automatically prompts me for the password on login.
I’ve been getting familiar with Tailscale over the past few weeks and also just replaced my home router (immediately flashed with OpenWRT). Turns out you can run Tailscale on OpenWRT and cajigger it in a way that you can use the router as an exit node while allowing LAN access. So, I did that. Now, with Dropbear, the static IP in my initramfs, and Tailscale, if the server reboots while I’m away from home I can SSH via my phone and enter the LUKS password to allow it to boot.
… mostly it’s just going to be when I don’t want to dig behind my desk to plug in a keyboard, but the truly remote option is nice too.
Thanks for all the input.


Hey bud - for the most part it worked great following the guide. The static IP was very important because dropbear is active before DNS (at least in my config) so you have to configure it in a way that you can definitively find it - and a static IP was the way. I just gave it an easy to remember one at 10.0.0.3 since I already have important things at *.1 and *.2.
Another thing that tripped me up originally is that you need to SSH as the root user. That doesn’t seem to be your problem since you’re not getting there over the network, but FYI for when you fix it.
That’s definitely a network problem. Maybe fire it up and then check your router for active IP leases and see which one it took?
It probably shouldn’t matter in any super meaningful way, but I do have mine hardwired with cat6 so that could definitely be a difference.
Definitely let us know how it goes - you’re adding to the knowledge pool and that’s awesome.
EDIT: Make sure you can find it on the network first, then work backwards from there. At the moment, it seems like you aren’t getting network connectivity.
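
An added example, not part of the original post or comment: a small POSIX shell lint for the two settings this setup relies on, the Dropbear option string (forced `-c cryptroot-unlock`) and a static initramfs `IP=` line. The `-s`, `-j`, `-k` hardening flags, port 2222, gateway 10.0.0.1, hostname `server` and interface `eth0` are assumptions for illustration; only 10.0.0.3 and `-c cryptroot-unlock` come from the thread.

```shell
#!/bin/sh
# Added example: lint the two settings the remote-unlock setup depends on.
# Dropbear flags checked: -c forced command, -s no password logins,
# -j / -k no local / remote port forwarding.

# Print what a DROPBEAR_OPTIONS string is missing; return 0 if nothing is.
check_dropbear_opts() {
    flags="" forced="" problems=""
    set -f; set -- $1; set +f            # split into words without globbing
    while [ $# -gt 0 ]; do
        case "$1" in
            # -c takes the forced command as its value
            -*c) flags="$flags${1#-}"; forced="${2-}"; [ $# -gt 1 ] && shift ;;
            # other options that take a value (not an exhaustive list)
            -*[pIbrPWKT]) flags="$flags${1#-}"; [ $# -gt 1 ] && shift ;;
            -*) flags="$flags${1#-}" ;;
        esac
        shift
    done
    [ "$forced" = "cryptroot-unlock" ] || problems="$problems no-forced-command"
    case "$flags" in *s*) ;; *) problems="$problems password-login-allowed" ;; esac
    case "$flags" in *j*k*|*k*j*) ;; *) problems="$problems port-forwarding-allowed" ;; esac
    problems="${problems# }"
    [ -z "$problems" ] || { printf '%s\n' "$problems"; return 1; }
}

# Print the client address if an initramfs IP= line is static; return 1 if not.
# Field order: client:server:gateway:netmask:hostname:device:autoconf
static_ip_from_param() {
    val="${1#IP=}"
    old_ifs=$IFS; IFS=:; set -f; set -- $val; set +f; IFS=$old_ifs
    case "${1-}" in
        *[!0-9.]*|"") return 1 ;;        # "dhcp", empty, or not an IPv4 literal
    esac
    case "${7-}" in
        off|none) printf '%s\n' "$1" ;;  # autoconfiguration disabled
        *) return 1 ;;
    esac
}

# Constructed sample values (assumptions except 10.0.0.3 and the forced command).
check_dropbear_opts "-I 180 -j -k -p 2222 -s -c cryptroot-unlock" && echo "dropbear options: ok"
static_ip_from_param "IP=10.0.0.3::10.0.0.1:255.255.255.0:server:eth0:off"
```

On Debian the option string normally lives in the dropbear-initramfs config file and the `IP=` line in `/etc/initramfs-tools/initramfs.conf`; rebuild with `update-initramfs -u` after changing either.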