Hi, I’m running an Ubuntu-based backup server and was wondering if there’s a simple way to encrypt my drives in case they get swiped or something in a break-in, but also in a way that the computer can be restarted and decrypt the drive without me needing to stick a key in every time. Any ideas? It seems basic, but I’m not an expert on all this newfangled encryption terminology, so I would like something idiot-proof (by idiot-proof, not idiot enough to lose/forget the decryption key).
I wrote a guide last year on how I do network-bound encryption - that is, the disk will automatically decrypt at boot if it’s connected to my home network, but not if the disk or machine is removed from my house. The advantage over the dropbear method is that you can set unattended upgrades to auto-reboot your server whenever it installs security updates, and it’ll come back up with no manual intervention from you.
You can actually unlock LUKS from another machine over SSH: https://www.cyberciti.biz/security/how-to-unlock-luks-using-dropbear-ssh-keys-remotely-in-linux/
I’m pretty happy with this solution.
I saw this and thought “How is this even possible? No way you run an SSH server from initramfs…” Turns out that’s exactly how you do it. I’ll be trying this out, thank you!