Follow up from https://lemmy.world/post/37310527

We did it gang, and we went even further to be able to enter the LUKS password from anywhere via Tailscale.

The general Dropbear info from the Debian wiki seems accurate though it included dropbearconvert usage that wasn’t mentioned elsewhere. Unsure if that was needed or not but I did it anyway.

I also referenced this guide. I especially enjoyed the -c cryptroot-unlock param to Dropbear so it automatically prompts me for the password on login.

I’ve been getting familiar with Tailscale over the past few weeks and also just replaced my home router (immediately flashed with OpenWRT). Turns out you can run Tailscale on OpenWRT and cajigger it in a way that you can use the router as an exit node while allowing LAN access. So, I did that. Now, with Dropbear, the static IP in my initramfs, and Tailscale, if the server reboots while I’m away from home I can SSH via my phone and enter the LUKS password to allow it to boot.

… mostly it’s just going to be when I don’t want to dig behind my desk to plug in a keyboard, but the truly remote option is nice too.

Thanks for all the input.
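Added example, not part of the original post: a small POSIX shell check for the Dropbear option string used in an initramfs unlock setup like the one described above (on Debian it is set as `DROPBEAR_OPTIONS` in the dropbear-initramfs config). It confirms the `-c cryptroot-unlock` forced command and Dropbear's `-s`, `-j` and `-k` flags; the function name and sample strings are constructed, and it assumes flags are written separately with a single-word forced command.

```shell
#!/bin/sh
# Added example: audit a Dropbear option string for an initramfs unlock setup.
# Assumption: flags are separate tokens ("-j -k", not "-jk") and the forced
# command given to -c is a single word.

# Prints one line per finding; exit status is the number of missing items.
audit_dropbear_opts() {
    forced="" nopass=0 nolfwd=0 norfwd=0 missing=0
    set -f            # no globbing while the string is word-split
    set -- $1         # intentional word splitting of the option string
    set +f
    while [ $# -gt 0 ]; do
        case "$1" in
            -c) forced="${2:-}"; [ $# -gt 1 ] && shift ;;  # forced command
            -s) nopass=1 ;;                                # no password logins
            -j) nolfwd=1 ;;                                # no local forwarding
            -k) norfwd=1 ;;                                # no remote forwarding
        esac
        shift
    done
    if [ "$forced" = "cryptroot-unlock" ]; then
        echo "ok: login is forced into cryptroot-unlock"
    else
        echo "missing: -c cryptroot-unlock (login is not limited to the unlock prompt)"
        missing=$((missing + 1))
    fi
    [ "$nopass" -eq 1 ] || { echo "missing: -s (password logins not disabled)"; missing=$((missing + 1)); }
    [ "$nolfwd" -eq 1 ] || { echo "missing: -j (local port forwarding not disabled)"; missing=$((missing + 1)); }
    [ "$norfwd" -eq 1 ] || { echo "missing: -k (remote port forwarding not disabled)"; missing=$((missing + 1)); }
    return "$missing"
}

# Constructed sample strings, not taken from the post.
HARDENED="-I 180 -j -k -p 2222 -s -c cryptroot-unlock"
MINIMAL="-c cryptroot-unlock"

audit_dropbear_opts "$HARDENED" || :
audit_dropbear_opts "$MINIMAL" || :
```

The exit status makes it usable as a gate before rebuilding the initramfs: zero means all four items are present.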

  • clif@lemmy.worldOP
    18 hours ago

    I hadn’t heard of Dropbear until I started researching this… cool project. That seems to be the ticket if you’re wanting manual intervention to unlock the disk. If you want automatic unlock via another server on the network, sounds like Clevis may be the thing.

      • clif@lemmy.worldOP
        17 hours ago

        I am not a smart person and it wasn’t the right tool for my job so I didn’t research it further once that was established. Maybe if somebody told me one more time it’d stick.

        EDIT: In case anyone is curious: https://github.com/latchset/clevis