Remote disk encryption unlock via ssh
The following steps were done with Debian Jessie.
This post explains how to configure remote unlocking for a server that uses LUKS with LVM. Servers are usually remote, or do not have a monitor or any other physical way to enter the key that unlocks the disk. The following steps set up a dropbear ssh service at boot, so the user can log in and enter the disk key via ssh.
If you have not done so before, create ssh keys for the computer that will log in to unlock the disk. Execute this on the client machine:
Now copy your public key to the server via scp and append it to the dropbear home.
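One way to do the append step on the server, as an added example that is not code from the original post: it refuses anything that is not a single-line public key, adds the key only once, and prefixes it with forwarding restrictions so the unlock key cannot be used for tunnelling. The function name add_unlock_key and the paths in the usage comment are assumptions (the authorized_keys path is the one assumed for dropbear's initramfs on Debian Jessie).

```sh
#!/bin/sh
# Added example, not from the original post.
# Forwarding restrictions that dropbear honours in authorized_keys.
KEY_OPTS='no-port-forwarding,no-agent-forwarding,no-X11-forwarding'

# add_unlock_key PUBKEY_FILE AUTHORIZED_KEYS_FILE
# Returns 0 if the key is installed (or already was), 1 on bad input.
add_unlock_key() {
    pub=$1
    auth=$2
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A public key file is one line: "<type> <base64> [comment]".
    # A private key is multi-line and is rejected here.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    read -r ktype kdata kcomment < "$pub" || true

    case $ktype in
        ssh-rsa|ecdsa-sha2-*|ssh-ed25519) ;;  # accepted types depend on the dropbear version
        *) echo "not a public key type: $ktype" >&2; return 1 ;;
    esac
    case $kdata in
        ''|*[!A-Za-z0-9+/=]*) echo "key data is not base64" >&2; return 1 ;;
    esac

    # Idempotent: do nothing if this exact key is already authorised.
    if [ -f "$auth" ] && grep -qF -- "$kdata" "$auth"; then
        return 0
    fi

    mkdir -p "$(dirname "$auth")"
    chmod 700 "$(dirname "$auth")"
    printf '%s %s %s%s\n' "$KEY_OPTS" "$ktype" "$kdata" "${kcomment:+ $kcomment}" >> "$auth"
    chmod 600 "$auth"
}

# Usage on the server, as root (paths are assumptions for Debian Jessie):
#   add_unlock_key /tmp/id_rsa.pub /etc/initramfs-tools/root/.ssh/authorized_keys
#   update-initramfs -u
```

The initramfs has to be rebuilt after the key file changes, otherwise the boot-time dropbear still carries the old key list.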
Remote unlocking manual steps
SSH to the server and execute the following steps:
Now we have to kill cryptroot.
Now that we understand how to manually unlock the disk we can automate it with the following script: