HACKER Q&A
📣 sarcasmatwork

LUKS Disk Encryption Management


How are admins dealing with remote LUKS decryption? It's a pain to decrypt on the console when we reboot the machine for patching. I'd rather not have to manually type in the password, as that is what we are currently doing.

Can this be done from a remote Linux machine with pub key access? Just starting to dig into solutions now. Thanks!

This is in a VMware environment with Ubuntu 18/CentOS 8.

Found the following:

https://hamy.io/post/0009/how-to-install-luks-encrypted-ubuntu-18.04.x-server-and-enable-remote-unlocking/

https://www.theo-andreou.org/?p=1579


  👤 LinuxBender Accepted Answer ✓
One method is to have ssh running in the init ram image [1]. Specific to Red Hat is NBDE [2]. I've seen a few other distro-specific methods. The lack of a common standard probably (and I am just guessing) revolves around the lack of standardization of ram images, kernel support of ram image decompression (what if we are out of memory), grub (grub2) and other distro-specific nuances.

[1] - https://michael.stapelberg.ch/posts/2020-01-21-initramfs-fro...

[2] - https://www.redhat.com/en/blog/easier-way-manage-disk-decryp...
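
The SSH-in-initramfs method from the answer, as an added example for Debian/Ubuntu that is not part of the thread or the linked posts. It assumes the `dropbear-initramfs` package; the function name `stage_unlock_config`, the staging directory and port 2222 are hypothetical choices. The point it shows is restricting the unlock key with a forced command so it can only answer the passphrase prompt.

```shell
#!/bin/sh
# Added example: stage hardened dropbear-initramfs files for remote LUKS unlock.
# Assumption: Debian/Ubuntu with dropbear-initramfs, which reads
# /etc/dropbear-initramfs/authorized_keys and /etc/dropbear-initramfs/config.

# stage_unlock_config PUBKEY_FILE OUTDIR [PORT]
# Writes OUTDIR/authorized_keys and OUTDIR/config; non-zero on bad input.
stage_unlock_config() {
    pubkey_file=$1; outdir=$2; port=${3:-2222}
    pat='^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( .*)?$'

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # Require exactly one bare public key line: rejects private keys,
    # multi-key files and lines that already carry their own options.
    [ "$(grep -cE "$pat" "$pubkey_file")" -eq 1 ] || {
        echo "expected exactly one public key in $pubkey_file" >&2; return 1; }
    key=$(grep -E "$pat" "$pubkey_file")

    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac

    mkdir -p "$outdir" || return 1

    # Forced command: this key can only run the unlock prompt, with no
    # shell and no forwarding out of the pre-boot environment.
    printf '%s,command="/bin/cryptroot-unlock" %s\n' \
        'no-port-forwarding,no-agent-forwarding,no-X11-forwarding' \
        "$key" > "$outdir/authorized_keys"

    # -s: no password logins, -j/-k: no local/remote port forwarding,
    # -I 60: drop idle sessions after 60 seconds.
    printf 'DROPBEAR_OPTIONS="-p %s -s -j -k -I 60"\n' "$port" > "$outdir/config"
}

# Usage (as root, after reviewing the staged files):
#   stage_unlock_config ~/.ssh/unlock_ed25519.pub /tmp/unlock-stage 2222
#   cp /tmp/unlock-stage/authorized_keys /tmp/unlock-stage/config /etc/dropbear-initramfs/
#   update-initramfs -u
# After a reboot: ssh -p 2222 root@<host>, then enter the LUKS passphrase.
```

Use a key pair dedicated to unlocking, since the initramfs sits on the unencrypted /boot partition and anything embedded in it is readable by whoever can read the disk.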