{"id":21342549,"url":"https://github.com/hugojosefson/dropbear-auto-unlock","last_synced_at":"2026-05-15T21:35:33.932Z","repository":{"id":263064066,"uuid":"887503096","full_name":"hugojosefson/dropbear-auto-unlock","owner":"hugojosefson","description":"CLI tool to automate remote unlocking of encrypted disks on servers during boot.","archived":false,"fork":false,"pushed_at":"2025-02-11T18:30:45.000Z","size":70,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-07-26T02:48:42.102Z","etag":null,"topics":["boot","decrypt","deno","dropbear","ssh","unlock","xstate","zfs"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hugojosefson.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-11-12T20:57:12.000Z","updated_at":"2025-02-11T18:29:50.000Z","dependencies_parsed_at":"2024-11-15T23:19:21.632Z","dependency_job_id":"bb0ce1b2-2a01-424b-a64f-df848031b398","html_url":"https://github.com/hugojosefson/dropbear-auto-unlock","commit_stats":null,"previous_names":["hugojosefson/dropbear-auto-unlock"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/hugojosefson/dropbear-auto-unlock","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hugojosefson%2Fdropbear-auto-unlock","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hugojosefson%2Fdropbear-auto-unlock/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hugojosefson%2Fdropbear-auto-unlock/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hugojosefson%2Fdropbear-auto-unlock/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hugojosefson","download_url":"https://codeload.github.com/hugojosefson/dropbear-auto-unlock/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hugojosefson%2Fdropbear-auto-unlock/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33080777,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-15T20:25:35.270Z","status":"ssl_error","status_checked_at":"2026-05-15T20:25:34.732Z","response_time":103,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["boot","decrypt","deno","dropbear","ssh","unlock","xstate","zfs"],"created_at":"2024-11-22T01:09:07.330Z","updated_at":"2026-05-15T21:35:33.917Z","avatar_url":"https://github.com/hugojosefson.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# dropbear-auto-unlock\n\nCLI tool to automate remote unlocking of encrypted disks on servers during boot.\n\n[![JSR Score](https://jsr.io/badges/@hugojosefson/dropbear-auto-unlock/score)](https://jsr.io/@hugojosefson/dropbear-auto-unlock)\n[![CI](https://github.com/hugojosefson/dropbear-auto-unlock/actions/workflows/deno.yaml/badge.svg)](https://github.com/hugojosefson/dropbear-auto-unlock/actions/workflows/deno.yaml)\n\n## Overview\n\nWhen a server with encrypted disks starts up, it often requires a passphrase to\nunlock the disks before completing the boot process. If a minimal SSH server is\ninstalled on the server that prompts for the passphrase, you can use this tool\nto automatically unlock the disks without manual intervention.\n\nThis tool connects to the server running a minimal SSH server such as\n[Dropbear](https://matt.ucc.asn.au/dropbear/dropbear.html), which is typically\navailable in the early stages of the boot process. It then provides the\nnecessary passphrase to unlock the encrypted disks, allowing the server to\ncontinue booting automatically.\n\n### Key features\n\n- **Automated Unlocking**: Eliminates the need for manual passphrase entry on\n  remote or headless servers.\n\n- **Multiple Destinations**: Supports unlocking multiple servers simultaneously.\n\n- **Alternative Addresses**: Allows specifying multiple addresses for a server,\n  useful if the server's IP or hostname changes after booting.\n\n- **Low resource usage**: When it finds a server is already unlocked, it waits\n  for the next reboot without polling, before attempting to reconnect.\n\n## Requirements\n\n### On your secure computer\n\n- `/bin/sh`\n- `unzip`\n- `curl`\n- `ssh` with key-based authentication configured\n- A way of providing the passphrase on the command line, such as a password\n  manager or a file containing the passphrase.\n\n### On the server\n\n- Encrypted disks with a passphrase\n- Dropbear installed and running on the server, accepting SSH connections from\n  the secure computer using key-based authentication. When authenticated, the\n  server will prompt for the passphrase.\n\n## Installation\n\n```sh\n# create and enter a directory for the script\nmkdir -p \"dropbear-auto-unlock\"\ncd       \"dropbear-auto-unlock\"\n\n# download+extract the script, into current directory\ncurl -fsSL \"https://github.com/hugojosefson/dropbear-auto-unlock/tarball/main\" \\\n  | tar -xzv --strip-components=1\n```\n\n## Example usage\n\nBasic usage with a single destination:\n\n```sh\npass show zfs_disk_passphrase | dropbear-auto-unlock --destination.1=root@pve-01\n```\n\nYou can specify multiple alternative addresses for the same server, for example\nin case the dropbear has a different IP and/or hostname than the unlocked and\nfully booted server:\n\n```sh\npass show zfs_disk_passphrase | dropbear-auto-unlock --destination.1=root@pve-01 --destination.1=root@pve-01-dropbear\n\n# or, more concisely:\npass show zfs_disk_passphrase | dropbear-auto-unlock --destination.1=root@pve-01{,-dropbear}\n```\n\nYou can also unlock multiple separate servers simultaneously:\n\n```sh\npass show zfs_disk_passphrase | dropbear-auto-unlock \\\n  --destination.1=root@pve-01 \\\n  --destination.2=root@pve-02\n\n# or, if you have 5 servers, whose dropbear is on the same hostname but with \"-dropbear\" appended:\npass show zfs_disk_passphrase | dropbear-auto-unlock \\\n  $(for i in {1..5}; do \\\n    for d in \"\" \"-dropbear\"; do \\\n      echo \"--destination.${i}=root@pve-0${i}${d}\"; \\\n    done; \\\n  done)\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhugojosefson%2Fdropbear-auto-unlock","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhugojosefson%2Fdropbear-auto-unlock","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhugojosefson%2Fdropbear-auto-unlock/lists"}