SSH to decrypt encrypted LVM during headless web server boot?

When I installed Ubuntu 10.04 and, now, 10.10, I was offered the option of enabling "encrypted LVM" for my hard drive. After choosing that option, I am prompted for my password during boot to decrypt the LVM.

Now, I am thinking of setting up a headless web server that runs Linux (not necessarily Ubuntu), but I am worried that since the web server is headless I will not be able to decrypt it during start-up. Would I be able to SSH in during boot to enter my password for the encrypted LVM? If so, how do I set it up? Or is there another solution? Again, this question is NOT specific to Ubuntu. Thanks.

2019-05-13 05:35:45
Answers: 3

Headless web server? If it has a serial port, use it.

GRUB can be configured to talk to the serial port. Your kernel can also be configured to use the serial port for outputting the initial boot messages, inputting the password to unlock your drives, and logging in. (If your web server supports serial BIOS, enable that too. Then you'll never have to connect a monitor to the machine at all.)

It is always a good idea to have a "non-network" way of getting into a headless web server.

2019-12-03 03:26:08

If you want to be able to boot unattended as well as remotely, you should also look at Mandos (which I and others have written):

Mandos is a system for allowing web servers with encrypted root file systems to reboot unattended and/or remotely. See the intro manual page file for more information, including an FAQ list.

In short, the booting web server gets the password over the network, in a secure fashion. See the README for details.

2019-12-03 02:57:14

I think early-ssh provides what you are looking for:

Early-ssh is a simple initramfs hook, which installs Dropbear SSH server into  
your initramfs, and starts it at boottime, so you will be able to do a lot of  
things remotely over SSH, before your root partition gets mounted, for example:

* unlocking LUKS encrypted crypto devices - 
  even your root can be an encrypted filesystem
* assembling/altering RAID arrays (mdadm)
* checking the root filesystem in read-write mode, 
  taking action in case of errors
* and so on...

There is already a .deb package available, so you are probably fine with Ubuntu.

2019-05-17 20:01:22
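
A check that goes with the initramfs SSH approach in the last answer, as an added example that is not part of the original answers or of early-ssh: the initramfs is stored unencrypted and every key in its `authorized_keys` can reach the pre-boot environment, so this script flags keys that are not pinned to a forced command with forwarding disabled. It assumes the initramfs Dropbear honours OpenSSH-style `authorized_keys` options; `/bin/unlock-root` is a hypothetical unlock command and the keys are constructed samples.

```shell
#!/bin/sh
# Audit an authorized_keys file destined for an initramfs SSH server.
# Prints "OK <comment>" or "WEAK <comment>: missing <options>" per key.
# Return status is the number of weak keys (0 = every key is restricted).
audit_initramfs_keys() {
    file=$1
    weak=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        # Options, if any, are everything before the key type; a line that
        # starts with the key type does not match and yields empty opts.
        opts=$(printf '%s\n' "$line" | sed -nE \
            's/^(.*[^ ]) +(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) +AAAA.*$/\1/p')
        comment=${line##* }
        missing=''
        for opt in 'command="' no-port-forwarding no-agent-forwarding; do
            case $opts in
                *"$opt"*) ;;
                *) missing="$missing ${opt%\"}" ;;
            esac
        done
        if [ -n "$missing" ]; then
            weak=$((weak + 1))
            echo "WEAK $comment: missing$missing"
        else
            echo "OK $comment"
        fi
    done < "$file"
    return "$weak"
}

# Constructed sample input: key blobs are placeholders, not real keys, and
# /bin/unlock-root is a hypothetical forced command (an assumption).
make_sample_keys() {
    cat > "$1" <<'EOF'
# keys allowed to unlock the root volume at boot
command="/bin/unlock-root",no-port-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKey1 admin@laptop
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKey2 backup@jumphost
no-port-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABConstructedSampleKey3 ops@desk
EOF
}
```

Run it against the key file before rebuilding the initramfs; a non-zero status means at least one key gives an unrestricted session in the pre-boot environment.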