Date:      Mon, 25 Nov 2019 15:45:17 +0100
From:      Paul Florence <perso@florencepaul.com>
To:        freebsd-questions@freebsd.org
Subject:   Geli password over network strategies
Message-ID:  <9dd8e65a-afdd-514f-0dc0-6bb60b9faaab@florencepaul.com>
In-Reply-To: <4ac6ee31-ab05-97f6-da4b-c2d798651fdf@florencepaul.com>
References:  <4ac6ee31-ab05-97f6-da4b-c2d798651fdf@florencepaul.com>

Hello everyone,

I am currently running a home-made server with 12.0-RELEASE-p10 using 
full disk geli encryption. When I boot the server, I first have to type 
a password to decrypt the whole system.

However, my ISP is having some power issues and in the last few weeks I 
had to go there quite a few times to type a passphrase.

I would like now to be able to enter my passphrase over the network.

Would the following boot process be possible?

1. First boot from an unencrypted kernel from a USB stick.

2. Then start an SSH server.

3. Input my passphrase over an ssh terminal.

4. Use the provided passphrase as the geli secret to boot the OS from 
the disk.

If not, has anyone had to deal with this kind of problem? If so, what 
kind of strategy did you decide to use?

Thanks,

Paul
