Remote unlocking of full disk encryption via dropbear-ssh stopped worked on one machine. I still don’t know why, as it continues to work on numerous other machines, despite all being built from the same image. But oh well.
It’s an ssh issue:
Permission denied (publickey)
Attempting to connect via ssh with additional debug options
-vvvv gave me:
debug1: send_pubkey_test: no mutual signature algorithm
Which I think means that OpenSSL on my laptop doesn’t, by default, use RSA SHA-1 anymore.
I tried re-keying using
ssh-keygen, but no change.
I tried re-keying using ED25519, but dropbear does not support this (or, at least, the version available to Raspberry Pi OS does not).
So I went for a workaround. I added
to the host’s entry in
~/.ssh/config, and it worked.