Dropbear

Remote unlock encrypted root filesystems over SSH on boot.

Migrated to ansible collection

Use r_pufky.deb.dropbear.

Warning

Most systems do not encrypt /boot and therefore dropbear keys should be considered compromised/untrusted; use separate keys when using dropbear!

See Wireguard to enable wireguard service on boot for fully encrypted remote boot root FS unlock.

Reference¹

---

1. https://linuxconfig.org/how-to-install-and-configure-dropbear-on-linux ↩