I’ve done a little research but I’m curious about first-hand experience.
I’ve got a little home server that is full disk encrypted with LUKS (+LVM, of course). It’s headless (no display, no keyboard, etc) and just lives attached to the back of my desk, out of the way.
If it gets rebooted due to a power outage, I can plug in a keyboard, wait long enough for it to get to the LUKS password prompt, enter password, hit enter, and assume it worked if I see the disk activity light blinking. Worst case scenario, I can move it to a monitor and plug it in to get display too.
Because lazy, I’d prefer to be able to enter the decrypt password remotely. “Dropbear” seems to be a common suggestion but I haven’t tried it yet.
So, asking for your experience or recommendations.
I’ll start. Recommendation #1 - get a UPS :D … But besides that.
Addendum: either way, I currently need to be home to do this because I access it remotely via tailscale along with my desktop. Since both are full disk encrypted, neither will boot to the point of starting tailscale without intervention. But, I might repurpose a nonencrypted RPi with SSHd to act as an “auto restarts with tailscale so I can SSH to it, then SSH to server to enter the LUKS password” jump point.
I’ve recently upgraded my hard drives used for storage, and because I ain’t made of money, I wanted to sell the old drives.
shredding those things took ages (4 TB drives). lesson learned, new drives are btrfs + LUKS that gets unlocked via key file. so when the time comes to sell those, I won’t bother with shredding, just sell them as is.
you mean that even if the next user formats it you make sure that leftovers/artefacts cannot be read right?
no, I mean the drive is encrypted and I don’t gotta bother with shred.
yah that’s what I meant.
in a way.