Linux – Remotely enter encryption key

Tags: encryption, linux, security

This might be a really dumb question but here goes, anyway.

I just bought a couple servers. I already installed Ubuntu with encrypted LVM on one and I'm planning on doing the same with the other. This means that every time I boot up each of these machines, I have to enter the passphrase. And I'll have to do this every morning because I'll power each machine off each night for security reasons.

Here's the problem: I don't have monitors or keyboards for these servers. It seems to me I have two options:

  1. Somehow enter the passphrase remotely
  2. Buy a KVM switch

I doubt #1 is an option but I want to make sure it's not before I buy a KVM. Is it possible to enter the passphrase remotely? AND is it a good idea?

Best Answer

One possible option would be to redo it so that the base system (/, /usr, /etc, /lib and such... the things that are the same on all Linux systems) is unencrypted, with the actual data you want to protect in a separate LV that is encrypted. Then, the system should be able to boot to a state where you can log in remotely, mount the encrypted partition and provide the password at that time.

This is the option I take with my database servers, with an encrypted partition for just the database, which is set to not start on boot so I can log in, mount the partition and start the database.
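
The workflow this answer describes, sketched as an added example that is not part of the original answer: one function checks a crypttab for mappings that would still prompt for a passphrase at boot, and another runs the unlock, mount and start sequence after an SSH login. It assumes a LUKS volume; the device `/dev/vg0/dbdata`, the mapping names, the mount point and the service name are hypothetical, and the crypttab sample is constructed.

```shell
#!/bin/sh
# Added example. Device, mapping, mount point and service names are hypothetical.

# Constructed /etc/crypttab sample: <name> <device> <key> <options>
sample_crypttab() {
    cat <<'EOF'
# name        device            key           options
dbdata_crypt  /dev/vg0/dbdata   none          luks,noauto
backup_crypt  /dev/vg0/backup   none          luks
swap_crypt    /dev/vg0/swap     /dev/urandom  swap,cipher=aes-xts-plain64,size=256
EOF
}

# Print mappings that would ask for a passphrase during boot: key field is
# "none" (or "-") and the options lack "noauto". On a headless box each of
# these stalls startup before SSH is reachable.
boot_blocking_entries() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            noauto = 0
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "noauto") noauto = 1
            if (!noauto && ($3 == "none" || $3 == "-" || $3 == "")) print $1
        }' "$1"
}

# Unlock, mount and start the service after logging in over SSH.
# Args: <device> <mapping name> <mount point> <service>
# Dry run by default (commands are echoed); set RUN=sudo to execute them.
# cryptsetup prompts for the passphrase on the SSH terminal, so it does not
# have to be stored on the server.
unlock_and_start() {
    run=${RUN:-echo}
    $run cryptsetup open "$1" "$2" &&
    $run mount "/dev/mapper/$2" "$3" &&
    $run systemctl start "$4"
}
```

Run `boot_blocking_entries /etc/crypttab` before rebooting a headless machine; any name it prints needs `noauto` (and a matching `noauto` on its `/etc/fstab` line) or the boot will wait at a console prompt. After logging in, `RUN=sudo unlock_and_start /dev/vg0/dbdata dbdata_crypt /srv/db postgresql` performs the sequence for real.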