Reboot Encrypted System Remotely Without Password Query
Are there any standard solutions to rebooting an encrypted system remotely without requiring a password on the next boot?
The system in question is an Ubuntu system with a LUKS-encrypted root partition and an unencrypted boot partition.
The only way I can imagine is to add a randomly generated second key that is based on a file resting on the boot partition and remove it with a start script on system boot.
Would the above approach work? Or is there a default option that does not require a manual approach?
The only security implication I can think of is the case where the system fails to boot before starting the first services.
Solution 1:
You could set up an initrd with a minimal sshd in it (dropbear comes to mind), and then connect to it and input the password manually. Or you could look into Mandos. Keep in mind that if someone has physical access to your server and can replace the boot code without you noticing, then it is game over no matter what.
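The one-time keyfile idea from the question, sketched as an added example (not code from the question or the answer). `LUKS_DEV`, `KEYFILE` and the `arm`/`disarm` names are placeholders, and it assumes the initramfs is already configured to try the keyfile and fall back to the passphrase prompt.

```shell
#!/bin/sh
# Added example: one-time LUKS keyfile for a single unattended reboot.
# Assumptions (not from the original post): LUKS_DEV and KEYFILE are
# placeholders, and the initramfs is already set up to try KEYFILE
# and fall back to the passphrase prompt.
LUKS_DEV="${LUKS_DEV:-/dev/sdX2}"
KEYFILE="${KEYFILE:-/boot/onetime.key}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the cryptsetup/rm commands

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# Before the reboot: create random key material and enrol it in a free slot.
arm() {
    # Create the file with mode 0600; it still sits on unencrypted /boot.
    ( umask 077 && dd if=/dev/urandom of="$KEYFILE" bs=64 count=1 2>/dev/null ) || return 1
    # Prompts for an existing passphrase to authorise the new slot.
    run cryptsetup luksAddKey "$LUKS_DEV" "$KEYFILE" || { rm -f "$KEYFILE"; return 1; }
}

# As early as possible after boot: revoke the slot, then delete the file.
disarm() {
    [ -f "$KEYFILE" ] || return 0          # nothing armed
    # Revocation is the slot removal. Keep the file if this fails, since
    # it is what identifies the slot to remove on a retry.
    run cryptsetup luksRemoveKey "$LUKS_DEV" "$KEYFILE" || return 1
    run rm -f "$KEYFILE"
}

case "${1:-}" in
    arm)    arm ;;
    disarm) disarm ;;
esac
```

Run it as root with `DRY_RUN=0`: `arm` before the reboot, `disarm` from an early boot unit. If the boot fails before `disarm` runs, the key stays valid and readable on the unencrypted boot partition, which is the exposure the question describes.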