Package: dropbear
Version: 2012.55-1.3
Severity: normal
Tags: patch
Dear Maintainer,
When installing dropbear after creating a cryptroot setup
dropbear creates new keys in /etc/initramfs-tools/etc/dropbear/
instead of using the keys in /etc/dropbear/. This can cause
headaches when the ssh client complains of changed host keys.
A work-around is to use "ssh -o StrictHostKeyChecking=no"
whenever ssh-ing in to supply the root fs password.
The attached untested patch to the debian/dropbear.postinst file
should fix the problem.
-- System Information:
Debian Release: 7.1
APT prefers stable
APT policy: (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages dropbear depends on:
ii libc6 2.13-38
ii zlib1g 1:1.2.7.dfsg-13
dropbear recommends no packages.
Versions of packages dropbear suggests:
ii openssh-client 1:6.0p1-4
pn runit <none>
ii udev 175-7.2
ii xauth 1:1.0.7-1
-- no debconf information
--- dropbear.postinst 2013-07-03 22:30:56.000000000 -0500
+++ dropbear.postinst-new 2013-07-03 22:52:50.290774015 -0500
@@ -65,6 +65,15 @@
# if dropbear is to be installed to initramfs, we have to update initramfs.
if ( test -r /etc/initramfs-tools/initramfs.conf || test -r /usr/share/initramfs-tools/conf-hooks.d/* ) &&
test -x /usr/sbin/update-initramfs; then
+ # copy host keys
+ for keytype in "dss" "rsa"; do
+ if [ ! -f "/etc/initramfs-tools/etc/dropbear/dropbear_${keytype}_host_key" ]; then
+ mkdir -p "/etc/initramfs-tools/etc/dropbear"
+ cp -a "/etc/dropbear/dropbear_${keytype}_host_key" \
+ "/etc/initramfs-tools/etc/dropbear/dropbear_${keytype}_host_key"
+ fi
+ done
+ # update initramfs
for i in /etc/initramfs-tools/initramfs.conf /usr/share/initramfs-tools/conf-hooks.d/*; do
if [ -e "${i}" ]; then
. "${i}"
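Review bot: the `cp -a` in the new `for keytype in "dss" "rsa"` loop runs without checking that the source `/etc/dropbear/dropbear_${keytype}_host_key` exists, so on a system that has only one of the two key types the copy fails inside postinst. Test the source with `[ -f ... ]` alongside the existing destination test and skip the key type when it is absent. The hunk should also carry a comment on the consequence of the copy: the system's private host keys end up inside the initramfs image, which on a cryptroot setup has to be stored outside the encrypted root, so the keys are readable by anyone who can read the boot partition. If that trade-off is accepted, create the directory with an explicit restrictive mode rather than relying on the umask in effect when `mkdir -p` runs.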