luks

Unlock LUKS encrypted disk over SSH

I just realized how easy it is to unlock the disk encryption password on a remote and/or headless server via SSH. There is a package called dropbear-initramfs that does exactly what is sounds like, it embeds a dropbear SSH server inside initramfs, cool! Install and configure 1 apt install dropbear-initramfs Edit /etc/dropbear-initramfs/config and use something like this: 1 DROPBEAR_OPTIONS="-j -k -p 2222 -s -c /usr/bin/cryptroot-unlock" Place a public key in /etc/dropbear-initramfs/authorized_keys, regenerate the initramfs and you are done!