Anyone had any experience with unlocking a LUKS encrypted root partition via ssh?
There are a few pages from Google with the Debian variants:
This is the Ubuntu solution:
and this for Debian:
By the look of it, it is using dropbear and busybox. Only /boot is unencrypted; once the passphrase is given via ssh (with dropbear inside the initrd), it then chroots to the actual root partition.
I wonder if anyone has done similar things with CentOS before, so I don't have to reinvent the wheel. Any suggestions and thoughts as to what might be a suitable CentOS implementation?
I am looking at the same problem; Fedora is also without information at the moment. They use Dracut to replace their old initramfs system. So the ssh server should work between GRUB and the LUKS decryption.
So the sshd usually starts well after / is mounted - which you can do as / can't be mounted before the password is entered. So the Debian link you provided is using a stripped-down ssh called dropbear, which then gets placed in the initrd along with a script to start it. That is all it is. Probably not a "supported" thing, but you could do that if you wanted to, I guess.