Hello, I'm new to this list! With software like dropbear-initramfs, cryptsetup-initrafs and others you can remotely unlock a booting Debian that has a LUKS-encrypted root partition. That is possible because it runs a SSH server in its unencrypted boot partition which gives you basic remote access. That basic access is enough to enter the unlocking passphrase which will let the encrypted system boot. That works great, but you need a public static address or DDNS and port redirection. I would like to have an onion service running in the boot partition too, that way I could do the same without caring about addresses, ports or names. And would add privacy too. How could I make it? Any advise, suggestion or step-by-step guide would be very much welcome, but please keep in mind that I am not a developer. Thank you very much!
Attachment:
signature.asc
Description: OpenPGP digital signature