diff --git a/iso/builder/genapkovl-bee_debug.sh b/iso/builder/genapkovl-bee_debug.sh
index 0f06a43..962e32d 100755
--- a/iso/builder/genapkovl-bee_debug.sh
+++ b/iso/builder/genapkovl-bee_debug.sh
@@ -82,8 +82,11 @@ if [ -d "$OVERLAY/root" ]; then
 fi
 
 mkdir -p "$tmp/etc/dropbear" "$tmp/etc/conf.d"
+# -R: auto-generate host keys if missing
+# no dependency on networking service — bee-network handles DHCP independently
 makefile root:root 0644 "$tmp/etc/conf.d/dropbear" <<EOF
 DROPBEAR_OPTS="-R"
 EOF
 
+
 tar -c -C "$tmp" etc usr root 2>/dev/null | gzip -9n > "$HOSTNAME.apkovl.tar.gz"
diff --git a/iso/overlay-debug/etc/init.d/bee-network b/iso/overlay-debug/etc/init.d/bee-network
index 6fe7d53..41ac66f 100644
--- a/iso/overlay-debug/etc/init.d/bee-network
+++ b/iso/overlay-debug/etc/init.d/bee-network
@@ -5,7 +5,6 @@ description="Bee: bring up network interfaces via DHCP"
 depend() {
     need localmount
     before bee-audit-debug
-    before dropbear
 }
 
 start() {
diff --git a/iso/overlay-debug/etc/init.d/dropbear b/iso/overlay-debug/etc/init.d/dropbear
new file mode 100755
index 0000000..d00e07c
--- /dev/null
+++ b/iso/overlay-debug/etc/init.d/dropbear
@@ -0,0 +1,37 @@
+#!/sbin/openrc-run
+
+description="Dropbear SSH server"
+
+depend() {
+    need localmount
+    after bee-sshsetup
+    use logger
+}
+
+check_config() {
+    if [ ! -e /etc/dropbear/dropbear_rsa_host_key ]; then
+        einfo "Generating RSA host key..."
+        /usr/bin/dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
+    fi
+    if [ ! -e /etc/dropbear/dropbear_ecdsa_host_key ]; then
+        einfo "Generating ECDSA host key..."
+        /usr/bin/dropbearkey -t ecdsa -f /etc/dropbear/dropbear_ecdsa_host_key
+    fi
+    if [ ! -e /etc/dropbear/dropbear_ed25519_host_key ]; then
+        einfo "Generating ED25519 host key..."
+        /usr/bin/dropbearkey -t ed25519 -f /etc/dropbear/dropbear_ed25519_host_key
+    fi
+}
+
+start() {
+    check_config || return 1
+    ebegin "Starting dropbear"
+    /usr/sbin/dropbear ${DROPBEAR_OPTS}
+    eend $?
+}
+
+stop() {
+    ebegin "Stopping dropbear"
+    start-stop-daemon --stop --pidfile /var/run/dropbear.pid
+    eend $?
+}
diff --git a/iso/overlay-debug/usr/local/bin/bee-network.sh b/iso/overlay-debug/usr/local/bin/bee-network.sh
index 70c82ad..2670b0d 100644
--- a/iso/overlay-debug/usr/local/bin/bee-network.sh
+++ b/iso/overlay-debug/usr/local/bin/bee-network.sh
@@ -2,8 +2,6 @@
 # bee-network.sh — bring up all physical network interfaces via DHCP
 # Unattended: runs silently, logs results, never blocks.
 
-set -e
-
 LOG_PREFIX="bee-network"
 
 log() { echo "[$LOG_PREFIX] $*"; }