Follow up from https://lemmy.world/post/37310527
We did it gang, and we went even further to be able to enter the LUKS password from anywhere via Tailscale.
The general Dropbear info from the Debian wiki seems accurate though it included dropbearconvert usage that wasn’t mentioned elsewhere. Unsure if that was needed or not but I did it anyway.
I also referenced this guide. I especially enjoyed the -c cryptroot-unlock param to Dropbear so it automatically prompts me for the password on login.
I’ve been getting familiar with Tailscale over the past few weeks and also just replaced my home router (immediately flashed with OpenWRT). Turns out you can run Tailscale on OpenWRT and cajigger it in a way that you can use the router as an exit node while allowing LAN access. So, I did that. Now, with Dropbear, the static IP in my initramfs, and Tailscale, if the server reboots while I’m away from home I can SSH via my phone and enter the LUKS password to allow it to boot.
… mostly it’s just going to be when I don’t want to dig behind my desk to plug in a keyboard, but the truly remote option is nice too.
Thanks for all the input.
I think you were told MANY times in the last thread…that’s not all Clevis is used for. You misunderstood the tool.
I am not a smart person and it wasn’t the right tool for my job so I didn’t research it further once that was established. Maybe if somebody told me one more time it’d stick.
EDIT : In case anyone is curious : https://github.com/latchset/clevis