cannot change dropbear port (in initramfs)

Bug #539904 reported by DW
This bug affects 6 people
Affects Status Importance Assigned to Milestone
dropbear (Ubuntu)

Bug Description

Binary package hint: dropbear

I'm using crypsetup & dropbear for remote root encryption and everything is working fine but I would like to move the dropbear server to a non-standard port for security reasons.
I tried changing ports in:
/etc/init.d/dropbear and even in
but none of those seem to change the port from 22 to what I've entered
(I have run update-initramfs -u -k all after I changed settings :)

I also tried searching for '22' in the initramfs dirs that I could find but no luck


Changed in dropbear (Ubuntu):
status: New → Confirmed
Revision history for this message
jhansonxi (jhansonxi) wrote :

The problem is in /usr/share/initramfs-tools/scripts/init-premount/dropbear

Last line:

Obviously some parameters need to be added else it defaults to 22. According to the dropbear man page it uses "-p [address | address:port | port]" but each additional port requires a separate "-p" and it only supports 10 ports maximum.

Workaround (untested):
dpkg-divert --rename --divert /usr/share/initramfs-tools/dropbear.original /usr/share/initramfs-tools/scripts/init-premount/dropbear
cp /usr/share/initramfs-tools/dropbear.original /usr/share/initramfs-tools/scripts/init-premount/dropbear

Edit /usr/share/initramfs-tools/scripts/init-premount/dropbear and add "-p [port number]" then execute:
update-initramfs -u

Revision history for this message
jhansonxi (jhansonxi) wrote :

I filed bug #904045 about Dropbear's init script only supporting a single address/port declaration. The fix for that will probably influence this bug.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers