Other ways to login and decrypt LUKS volumen when dropbear-initramfs is installed

Question

I'm new to this site and after searching for a couple of hours already, I couldn't find a similar topic or figure out a solution, so I'm going to ask here.

I have setup a new remote server with Ubuntu 22.04, LUKS encrypted SSD volume, dropbear-initramfs and busybox. The remote configuration works fine and I can login to dropbear and decrypt the volume when rebooting the system.

However, I'm thinking what would be if I mess up for example the ssh-port-access (happened to me in the past, but with non-ecrypted volume). I fixed this by logging in with keyboard and screen connected to the server. However, with dropbear-initramfs installed, I see no obvious way to shut down dropbear when the server is rebooting. Is there any chance to shutdown dropbear (maybe automatically after several minutes without connection attempt) to get back to normal boot sequence in order to decrypt the volume and login with keyboard and screen attached? Or what would be the backup strategy in case there's no way to get ssh access to dropbear for some reason?

Answer 1

This is based on my experience with dropbear-initramfs on Debian circa 3 years ago. Things might have changed since or work differently on Ubuntu, although I doubt it.

dropbear-initramfs doesn't disable the usual LUKS password prompt at boot. It will still appear and you will still be able to enter the password and unlock the drive using a physical keyboard.

If the correct password is provided through dropbear-initramfs, the on-screen prompt is cancelled and boot continues as if the password was entered directly.