Home server with FDE

Hello.

I bought a second laptop and want to make a home server out of the old one to run all sorts of useful stuff on it. I want to use full disk encryption on it!

In this case, I will have only two partitions: ESP, where only the bootloader file will be stored, and a LUKS partition with LVM volumes for / and home.

Now the most confusing part: how can I remotely unlock the system (enter the password) so that I don’t have to go to another room, climb onto the cabinet, open the lid and enter the password?

The “home server” will be connected to the router on OpenWrt 24/7, if that matters.

Re: Home server with FDE

Reply #1
Here are the results of looking up "unlock luks encryption on boot remotely":
https://askubuntu.com/questions/996155/how-do-i-automatically-decrypt-an-encrypted-filesystem-on-the-next-reboot
https://www.privex.io/articles/unlock-luks-remotely-ssh-dropbear/
https://github.com/Am0rphous/Unlock-LUKS-Encryption-Remotely
https://www.cyberciti.biz/security/how-to-unlock-luks-using-dropbear-ssh-keys-remotely-in-linux/
Good luck! ;)

Edit: there's also this. It looks like everything's easier if /boot is not encrypted, and since it's a home server, I don't really see a need for it (the choice is up to you though)

Re: Home server with FDE

Reply #2
This is NOT FDE! Don't litter!

Re: Home server with FDE

Reply #3
Yeah, sorry, my bad, the first 4 links aren't exactly what you want. But doesn't the last one from privacyguides.net answer your question?

Re: Home server with FDE

Reply #4
Maybe a TinyPilot would work for your setup - it's a DIY ILO port for your server.
https://github.com/tiny-pilot/tinypilot

There may be similar projects out there like this too.

Re: Home server with FDE

Reply #5
Quote
Maybe a TinyPilot would work for your setup - it's a DIY ILO port for your server.
https://github.com/tiny-pilot/tinypilot
There may be similar projects out there like this too.

I have a friend who got me hooked on Artix, which has its own tiny bootloader with encryption support and remote unlocking.

That is, you send such a computer a WoL packet directly from the terminal and in response you get an ssh invitation. But he is in no hurry to share the code, because "The world is not ready for this yet."

Perhaps TinyPilot or something similar is the only option. Thank you!

Re: Home server with FDE

Reply #6
Quote
I have a friend who got me hooked on Artix, which has its own tiny bootloader with encryption support and remote unlocking.
That is, you send such a computer a WoL packet directly from the terminal and in response you get an ssh invitation. But he is in no hurry to share the code, because "The world is not ready for this yet."
Tell your friend to never ever mention that again and make sure you forget his name, for his own sake.

Re: Home server with FDE

Reply #7
Quote
Tell your friend to never ever mention that again and make sure you forget his name, for his own sake.
Why is that? Seriously, I would shout this to everyone, and I still couldn't digest or assimilate the phrase "The world is not ready for this". You know something, admit it!  :)

Re: Home server with FDE

Reply #8
If said friend is able to program such magick and says "the world is not ready for this", I'd believe him.

 

Re: Home server with FDE

Reply #9
Btw FDE is useful on portable devices, like laptops and mobile phones, so that a thief can't just get your data.
For servers, FDE is not necessary, but you can encrypt data partitions like / or /home or swap, leaving /boot unencrypted.

Or you can install some distro without encryption, then install an encrypted Linux distro inside a virtual machine; that way you can have access to the server easily.
Create problems which don't have solution