Package: dropbear-initramfs
Version: 2022.83-1+deb12u1
Severity: normal
X-Debbugs-Cc: deb...@rocketjump.eu

Hi,

I have a remote server running bookworm that is configured to use dropbear-initramfs and cryptsetup-initramfs to unlock the LUKS container. The way I unlock it is shown below:

$ until ssh r...@hopper-boot.rocketjump.eu cryptroot-unlock; do sleep 3; done
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection refused
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection refused
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection refused
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection refused
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection refused
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection timed out
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection timed out
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection timed out
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection timed out
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection timed out
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection timed out
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection timed out
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection timed out
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection timed out
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection timed out
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection timed out
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection timed out
Please unlock disk md2_crypt
Timeout, server hopper-boot.rocketjump.eu not responding.
Please unlock disk md2_crypt
Timeout, server hopper-boot.rocketjump.eu not responding.
Please unlock disk md2_crypt
Timeout, server hopper-boot.rocketjump.eu not responding.
Timeout, server hopper-boot.rocketjump.eu not responding.
Timeout, server hopper-boot.rocketjump.eu not responding.
Timeout, server hopper-boot.rocketjump.eu not responding.
^C^C

As you can see, while rebooting the connection is refused, as sshd is already shut down, but the server is reachable. Then the connection times out while it's still doing a POST. At some point dropbear becomes reachable, as shown by the output of "Please unlock disk md2_crypt", however the connection seems to error out after a while, and after three attempts, dropbear becomes unresponsive. This forces me to hard reset the server and try again until I catch it at the right moment.

After some debugging, it turns out that ServerAliveInterval != 0 will cause the ssh client to reset the connection, which dropbear will count as an unlock attempt, and after three tries it will fail and drop to initramfs shell, after which it's not reachable anymore.

It would be great to prominently document that dropbear(-initramfs) does not handle the ServerAliveInterval ssh client setting.

Greets,
Lee

-- System Information:
Debian Release: 12.5
  APT prefers stable-updates
  APT policy: (990, 'stable-updates'), (990, 'stable-security'), (990, 'proposed-updates'), (990, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-20-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dropbear-initramfs depends on:
ii  busybox          1:1.35.0-4+b3
pn  dropbear-bin     <none>
ii  initramfs-tools  0.142
ii  udev             252.23-1~deb12u1

Versions of packages dropbear-initramfs recommends:
ii  cryptsetup-initramfs  2:2.6.1-4~deb12u2

dropbear-initramfs suggests no packages.
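
Added example (not part of the original report, and not code from the dropbear or cryptsetup packages): a client-side pre-flight check and unlock loop that act on the reporter's finding by making sure ServerAliveInterval is 0 for the boot-time host. The function names, the boot-host placeholder and the sample `ssh -G` excerpts are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original report. Function names and the
# sample data are constructed for illustration.

# Read `ssh -G <host>` output on stdin and print the effective
# ServerAliveInterval in seconds (0 when the keyword is absent; 0 is
# also the OpenSSH default and means no keepalive probes are sent).
effective_alive_interval() {
    awk 'tolower($1) == "serveraliveinterval" { v = $2 }
         END { print (v == "" ? 0 : v) }'
}

# Succeed only when keepalive probes are disabled in the given output.
keepalive_disabled() {
    [ "$(effective_alive_interval)" -eq 0 ]
}

# Unlock loop from the report with the setting forced off per invocation,
# regardless of what ssh_config says. $1 is user@boot-host.
unlock_loop() {
    until ssh -o ServerAliveInterval=0 "$1" cryptroot-unlock; do
        sleep 3
    done
}

# Pre-flight check against a real host (requires ssh; not run here):
#   ssh -G user@boot-host | keepalive_disabled || echo "override needed"
#
# Equivalent persistent override in ~/.ssh/config, placed before any
# "Host *" block because the first value obtained wins:
#   Host boot-host
#       ServerAliveInterval 0

# Constructed `ssh -G` excerpts: a global "Host *" keepalive of 60 s,
# and the same host after the override above.
SAMPLE_GLOBAL='hostname boot-host.example.org
port 22
serveraliveinterval 60
serveralivecountmax 3'
SAMPLE_OVERRIDE='hostname boot-host.example.org
port 22
serveraliveinterval 0
serveralivecountmax 3'
```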