Re: Decrypting LUKS from initramfs; was: Re: ext2 for /boot ???
Igor Cicimov wrote:
> An example for automation with AWS using SSM and KMS services
> It can be modified for initramfs.
so how can we do it with initram and without some external key server?
Imagine I have only boot not encrypted on the server.
I want to boot the machine and get a prompt via SSH or something like SSH,
where I can type in the password and decrypt root and all other volumes.
I do not want to store password or anything sensitive in the boot directory.
I can imagine one time ssh created when you try to login, but it is still
not secure enough.
Can you help with some thoughts on how to implement it?