On 18/02/2024 11:40, David Wright wrote:
$ ssh bhost $ udisksctl unlock --block-device /dev/disk/by-partlabel/Nokia01 Passphrase: ==== AUTHENTICATING FOR org.freedesktop.udisks2.encrypted-unlock === Authentication is required to unlock the encrypted device Multiple Card Reader (/dev/sdc1)
It should be possible to modify policy to allow a specific user or a group to perform disk operations, see polkit(8). When sudo is involved, I still do not see any advantage of udiskctl over "cryptsetup open". As third option, if I remember it correctly, pmount relies on group membership, not on systemd-logind "uaccess", so local vs. remote user should not matter. This variant combines unlock and mount into a single command.