If you use luks, you can just add dropbear to have a ssh-server running and enter your password there.
this post was submitted on 22 Nov 2023
1 points (100.0% liked)
Homelab
371 readers
9 users here now
Rules
- Be Civil.
- Post about your homelab, discussion of your homelab, questions you may have, or general discussion about transition your skill from the homelab to the workplace.
- No memes or potato images.
- We love detailed homelab builds, especially network diagrams!
- Report any posts that you feel should be brought to our attention.
- Please no shitposting or blogspam.
- No Referral Linking.
- Keep piracy discussion off of this community
founded 11 months ago
MODERATORS
That sounds like exactly what fits my situation. Thanks!
If someone physically has your disks unless you have on the drive encryption your fucked. Even then I dunno. If it was created by humans it can be cracked by humans.
Maybe better to move server to undisclosed location like a bank vault.
Depends what you want to do, there are a few alternatives for luks. TPM, nbde server, dropbear-ssh, usb key, yubikey.
You can use any combination of the above with password being a fallback.
dropbear-ssh is what I'm looking for. thanks!
I do this with ZFS using a Keyfile and a script that runs at boot to unlock/mount.
I put the keyfiles on a USB drive. (Make sure you have backups!) This USB drive is hidden, I won't go into details on how I did that, several ways to do that, you can get pretty creative.
If someone steals my server, they need to know where I hid my USB, or they won't be able to get to any of the encrypted datasets.
Windows does bitlocker and works pretty well. Depending on what you’re trying to do this may be a good solution.