
Ask HN: LUKS Disk Encryption Management - sarcasmatwork
How are admins dealing with remote LUKS decryption? It's a pain to decrypt on the console when we reboot the machine for patching. I'd rather not have to manually type in the password, as that is what we are currently doing.

Can this be done from a remote Linux machine with pub key access? Just starting to dig into solutions now. Thanks!

This is in a VMware environment with Ubuntu 18/CentOS 8.

Found the following:

https://hamy.io/post/0009/how-to-install-luks-encrypted-ubuntu-18.04.x-server-and-enable-remote-unlocking/

https://www.theo-andreou.org/?p=1579
======
LinuxBender
One method is to have ssh running in the init ram image [1]. Specific to Red
Hat is NBDE [2]. I've seen a few other distro-specific methods. The lack of a
common standard probably (and I am just guessing) revolves around the lack of
standardization of ram images, kernel support of ram image decompression (what
if we are out of memory), grub (grub2) and other distro-specific nuances.

[1] - https://michael.stapelberg.ch/posts/2020-01-21-initramfs-from-scratch-golang/

[2] - https://www.redhat.com/en/blog/easier-way-manage-disk-decryption-boot-red-hat-enterprise-linux-75-using-nbde

~~~
sarcasmatwork
Great info, thank you!

