
I have two Raspberry Pis, both running Raspbian Buster, both set up with full disk encryption, with dropbear (version 2018.76-5) to support remote unlocking of the disk encryption. This has been working fine for years. However, recently dropbear has stopped accepting my SSH key, and I now get

root@<address>: Permission denied (publickey).

when I try to unlock remotely. I have not made any configuration changes. The contents of the authorized_keys file in the initramfs are correct. The most recent evidence I can find of having successfully done a remote unlock is 10th March for both RPis. Really strangely, the modified date of the initramfs confirms that the initramfs file has not been modified since the last successful remote unlock! Specifically, on the RPi I'm working on now, on 10th March, initramfs was regenerated at 09:38 following a kernel update (and has not been modified since), RPi was rebooted at 09:40, and successfully remotely unlocked at 09:44.

Edit: I have now experimented with generating fresh DSA, ECDSA, ED25519, RSA 2048-bit, RSA 3072-bit, and RSA 4096-bit SSH keys, and adding them all to the authorized_keys file, and regenerating the initramfs. Having done so, I am able to connect with the ECDSA key, but not any of the other keys. Previously, I was using an RSA 2048-bit key with one RPi, and an RSA 3072-bit key with the other RPi. So, from my experience here, it appears Dropbear stopped accepting RSA 2048- and 3072-bit keys (and possibly some other types) at some point between 10th March 2022 and 12th June 2022 (when I first found I couldn't connect), without any updates to the dropbear binaries or configuration?!?

Mark Raymond
  • And my dropbear doesn't do this. Strange. Probably, you need to include log messages from server side, and also try `ssh -v` (or more v's) to increase verbosity? – Nikita Kipriyanov Jun 27 '22 at 10:24
  • Ah, got it – it's a client ssh difference! In between those times, I upgraded from Kubuntu 20.04 to Kubuntu 22.04. If I run a 20.04 docker container, and use the same SSH key, I'm able to connect. So, something in how the SSH in Kubuntu 22.04 tries to connect with RSA keys is not supported by the dropbear in Debian Buster. – Mark Raymond Jun 27 '22 at 10:45
  • `ssh -vv` would [reveal](https://levelup.gitconnected.com/demystifying-ssh-rsa-in-openssh-deprecation-notice-22feb1b52acd) that. For example, see [OpenSSH release notes](https://www.openssh.com/txt/release-8.7) – Nikita Kipriyanov Jun 27 '22 at 10:49
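
One way to read a saved `ssh -vv` log for the client-side RSA difference described in the comments above, as an added example that is not part of the original thread. It assumes the debug output was saved to a file and keys on the OpenSSH client debug line `send_pubkey_test: no mutual signature algorithm`; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Triage a saved OpenSSH client debug log, e.g. from:
#   ssh -vv root@<address> 2>ssh-debug.log

# Constructed sample log (not captured from a real session).
sample_log() {
    cat <<'EOF'
debug1: Remote protocol version 2.0, remote software version dropbear_2018.76
debug1: Offering public key: /home/user/.ssh/id_rsa RSA SHA256:CONSTRUCTED
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Offering public key: /home/user/.ssh/id_ecdsa ECDSA SHA256:CONSTRUCTED
debug1: Server accepts key: /home/user/.ssh/id_ecdsa ECDSA SHA256:CONSTRUCTED
EOF
}

# Server software string from the version exchange.
server_banner() {
    sed -n 's/^debug1: Remote protocol version [^,]*, remote software version //p' "$1" |
        head -n 1
}

# Key types the client offered, sorted, one per line (e.g. ECDSA, RSA).
offered_key_types() {
    sed -n 's/^debug1: Offering public key: [^ ]* \([A-Z0-9-]*\) .*/\1/p' "$1" | sort -u
}

# Verdict for RSA public-key authentication:
#   rsa-sha2-available  server advertised rsa-sha2-* signatures; look elsewhere
#   sha1-rsa-refused    client found no RSA signature algorithm it is willing
#                       to use with this server
#   inconclusive        neither marker is in the log
classify_rsa_failure() {
    if grep -q 'server-sig-algs=.*rsa-sha2-' "$1"; then
        echo rsa-sha2-available
    elif grep -q 'send_pubkey_test: no mutual signature algorithm' "$1"; then
        echo sha1-rsa-refused
    else
        echo inconclusive
    fi
}

# Demo on the constructed sample.
log=$(mktemp)
sample_log > "$log"
printf 'server:  %s\noffered: %s\nverdict: %s\n' "$(server_banner "$log")" \
    "$(offered_key_types "$log" | tr '\n' ' ')" "$(classify_rsa_failure "$log")"
rm -f "$log"
```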

0 Answers