Post 9nQAarqPKeFcRdLTLE by chozron@linuxrocks.online
 (DIR) Post #9nQAarqPKeFcRdLTLE by chozron@linuxrocks.online
       2019-09-29T15:33:15Z
       
       0 likes, 0 repeats
       
       I'm surprised remote unlocking of LUKS partitions via ssh isn't built into standard installations of CentOS. Is full disk encryption on remote servers not a common requirement? I don't know of any other way to ensure data is "wiped"/inaccessible on drives physically not under my control. Drives that may be used by others in the future.
       
 (DIR) Post #9nQAasQv8tSSGsQdFo by matt@linuxrocks.online
       2019-09-29T16:54:05Z
       
       0 likes, 0 repeats
       
       @chozron I didn't think that SSHing into a system where the root partition was LUKS encrypted was even possible. There is a service called Dropbear you can use.
       
 (DIR) Post #9nQAaspjedJ7Vq2Rvs by djsumdog@hitchhiker.social
       2019-09-29T17:06:30Z
       
       0 likes, 1 repeats
       
       @matt @chozron I have it set up. I use a modified fork of this: https://github.com/slashbeast/better-initramfs On boot, it connects to my VPN server so I can then SSH in, unlock the LUKS partition, and then boot the machine.
       
 (DIR) Post #9nQB4KlcsOzuXs9x2W by chozron@linuxrocks.online
       2019-09-29T17:11:51Z
       
       0 likes, 0 repeats
       
       @djsumdog That looks like a complete replacement of the initramfs. I hadn't considered that, but could work. So far, I use dracut-crypt-ssh with CentOS, and keep everything else as is. @matt
       
 (DIR) Post #9nQBnZ8GJXBy84JccC by djsumdog@hitchhiker.social
       2019-09-29T17:20:04Z
       
       0 likes, 0 repeats
       
       @chozron Yea it's just an alt initramfs. I got frustrated with dracut a few years back and used it in anger 😅 Recently I started looking at making an openvpn module for dracut, but then I just decided to mod better-initramfs ... huh .. I never posted my fork it seems. It's kinda hacky .. should really clean it up and submit a PR. @matt
       
 (DIR) Post #9nQDRHi6bimJdLaHya by chozron@linuxrocks.online
       2019-09-29T17:38:25Z
       
       0 likes, 0 repeats
       
       @djsumdog I think I'm going to take this route as well 😀 No need to fiddle around after every install or update, when I have a ready made that I can just copy.