docs: dracut-crypt-ssh keys name and format fix

JkktBkkt · JkktBkkt · commit 6b24aabdbbc1 · 2025-04-30T03:39:05.000+03:00
diff --git a/docs/general/remote-access.rst b/docs/general/remote-access.rst
@@ -178,18 +178,28 @@ into the image. However, there are two problems with this:
    format.
 
 To create dedicated host keys in the proper format, decide on a location, for example ``/etc/dropbear``, and create the
-new keys::
+new keys:
 
-  mkdir -p /etc/dropbear
-  for keytype in rsa ecdsa ed25519; do
-      dropbearkey -t "${keytype}" -f "/etc/dropbear/dropbear_${keytype}_host_key"
-  done
+.. tabs::
 
-.. note::
-  The dracut module expects to install RSA and ECDSA keys, so at minimum those keys should be created.
-  The mkinitcpio module supports RSA, ECDSA, and ED25519 keys.
+  .. group-tab:: Dracut
+
+      The dracut module expects to install RSA and ECDSA keys, so at minimum those keys should be created
+      We're making keys in PEM format because the dracut module insists on converting keys each time and doesn't accept keys in dropbear format::
+        
+        mkdir -p /etc/dropbear
+        for keytype in rsa ecdsa ed25519; do
+          ssh-keygen -g -N "" -m PEM -t "${keytype}" -f "/etc/dropbear/ssh_dracut_host_${keytype}_key"
+        done
+
+  .. group-tab:: mkinitcpio
 
-  Not all versions of ``dropbear`` support ED25519 keys, so it is fine if the ED25519 key fails to generate.
+    The mkinitcpio module supports RSA, ECDSA, and ED25519 keys::
+        
+        mkdir -p /etc/dropbear
+        for keytype in rsa ecdsa ed25519; do
+          dropbearkey -t "${keytype}" -f "/etc/dropbear/dropbear_${keytype}_host_key"
+        done
 
 The Dracut and mkinitcpio dropbear modules do not allow for password authentication over SSH; instead key-based
 authentication is forced. The authorized keys for dropbear can be configured by putting an `authorized_keys file
@@ -208,9 +218,9 @@ realized by symlinking your user's ``authorized_keys`` file::
       # Enable dropbear ssh server and pull in network configuration args
       add_dracutmodules+=" crypt-ssh "
       install_optional_items+=" /etc/cmdline.d/dracut-network.conf "
-      # Copy system keys for consistent access
-      dropbear_rsa_key=/etc/dropbear/ssh_host_rsa_key
-      dropbear_ecdsa_key=/etc/dropbear/ssh_host_ecdsa_key
+      # Point to host keys made earlier
+      dropbear_rsa_key=/etc/dropbear/ssh_dracut_host_rsa_key
+      dropbear_ecdsa_key=/etc/dropbear/ssh_dracut_host_ecdsa_key
       dropbear_acl=/etc/dropbear/root_key
 
     .. note::
@@ -309,4 +319,4 @@ local instance to show the interactive menu immediately.
 
     rm /zfsbootmenu/active
 
-  to eliminate the indicator of the other running instance. You may then run ``zfsbootmenu`` again to launch the menu.
+  to eliminate the indicator of the other running instance. You may then run ``zfsbootmenu`` again to launch the menu.
