[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Decrypting LUKS from initramfs; was: Re: ext2 for /boot ???

Igor Cicimov wrote:

> An example for automation with AWS using SSM and KMS services
> It can be modified for initramfs.

so how can we do it with initram and without some external key server?
Imagine I have only boot not encrypted on the server.
I want to boot the machine and get a prompt via SSH or something like SSH,
where I can type in the password and decrypt root and all other volumes.
I do not want to store password or anything sensitive in the boot directory.
I can imagine one time ssh created when you try to login, but it is still
not secure enough.
Can you help with some thoughts on how to implement it?


Reply to: