How to reboot headless server with passphrase?

Solution 1:

You can do so by installing an SSH server into your initramfs. One easy possibility is to use early-ssh. It installs a Dropbear SSH server right into your initramfs. With that server running you can log into your server before the root fs mount and enter the LUKS password.

Solution 2:

You can't. The passphrase is here precisely to make it impossible.

Solution 3:

You shouldn't have your OS boot on an encrypted partition. Just encrypt /home, /var/www or whatever else. Make sure you can log in as root if you've encrypted /home.

To easily mount your partition but only after boot, add "noauto" to its fstab line in the options column, e.g.:

/dev/sda2 /home ext3 defaults,noauto 1 1 

Alternatively, if you want the whole server to be on an encrypted partition, you could virtualize it with OpenVZ or KVM, then mount the partition manually, and finally start the virtual server.

Not so good for uptime though. Why do you want to encrypt a server partition?
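A check to run before rebooting a machine set up as in Solution 3, added here as an example and not part of the answer above: it lists crypttab mappings and fstab mounts that would still wait for a typed passphrase at boot because they lack noauto. The use of crypttab, the boot_blockers name and the sample device names are assumptions; the page itself only shows the fstab line.

```shell
#!/bin/sh
# Added example. Reports what would stop an unattended boot to wait for a
# typed passphrase. Assumption: LUKS mappings are declared in crypttab and
# mounted in fstab as /dev/mapper/<name>; UUID=, LABEL= and LVM paths are
# not resolved here.

# boot_blockers CRYPTTAB FSTAB -> one "crypttab <name>" or "fstab <dir>" per line
boot_blockers() {
    awk '
        function has_noauto(opts,   a, n, i) {
            n = split(opts, a, ",")
            for (i = 1; i <= n; i++) if (a[i] == "noauto") return 1
            return 0
        }
        NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
        FILENAME == ARGV[1] {                    # crypttab: name dev key opts
            # key field "none", "-" or missing means an interactive prompt
            if (NF < 3 || $3 == "none" || $3 == "-") {
                prompt["/dev/mapper/" $1] = 1
                if (!has_noauto($4)) print "crypttab " $1
            }
            next
        }
        # fstab: dev dir type opts dump pass
        ($1 in prompt) && !has_noauto($4) { print "fstab " $2 }
    ' "$1" "$2"
}

# Constructed sample files (not from the page).
sample_dir=$(mktemp -d)
cat > "$sample_dir/crypttab" <<'EOF'
# name      device     key           options
home_crypt  /dev/sda2  none          luks,noauto
www_crypt   /dev/sda3  none          luks
swap_crypt  /dev/sda4  /dev/urandom  swap
EOF
cat > "$sample_dir/fstab" <<'EOF'
/dev/sda1               /         ext3  defaults         1 1
/dev/mapper/home_crypt  /home     ext3  defaults,noauto  1 1
/dev/mapper/www_crypt   /var/www  ext3  defaults         1 2
/dev/mapper/swap_crypt  none      swap  sw               0 0
EOF
boot_blockers "$sample_dir/crypttab" "$sample_dir/fstab"
rm -rf "$sample_dir"
```

Run against /etc/crypttab and /etc/fstab, no output means nothing in those two files waits for a passphrase at boot.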

Solution 4:

Well, this question is quite old, but since many others like myself could still be looking for a good solution to this same problem, here are 2 of the best ones I've managed to find so far (after spending lots of hours trying out multiple impossible configurations ¬¬):

https://stinkyparkia.wordpress.com/2014/10/14/remote-unlocking-luks-encrypted-lvm-using-dropbear-ssh-in-ubuntu-server-14-04-1-with-static-ipst/

https://github.com/chadoe/luks-triple-unlock/blob/master/install.sh

After configuring the servers that way, one can decrypt the LUKS partition via SSH (using a password or RSA key) or a USB flash drive and let the system boot as usual. Quite useful in my case.