What I have been doing in 2020 and before doesn’t seem to work anymore, ence it is time to publish a new episode of the saga: how to remotely unlock a full disk encrypted Linux machine. dracut-sshd still works perfectly even though the surroundings changed a bit. First step is instructing dracut to add dracut-sshd into initramfs: $ sudo dnf install dracut dracut-network openssh $ git clone https://github.com/gsauthof/dracut-sshd.git $ cd dracut-sshd $ sudo cp -ri 46sshd /usr/lib/dracut/modules.d Configure grub to instruct dracut to add networking to initramfs: …

Last year I blogged on how to remotely unlock a full disk encrypted Fedora/CentOS server. The software I used, dracut-crypt-ssh, is not supported anymore and stopped working for me on Fedora 32 and 33. A quick DDG search pointed me in the right direction and made me find a similar software that accomplishes the same task: dracut-sshd. $ sudo dnf install dracut dracut-network openssh libblkid-devel gcc $ git clone https://github.com/gsauthof/dracut-sshd.git $ cd dracut-sshd $ sudo cp -ri 46sshd /usr/lib/dracut/modules.d After compiling and installing dracut-crypt-ssh configure grub to instruct dracut to add networking to initramfs: …

The idea here is to be able to power on and unlock a remote Full Disk Encrypted (FDE from now on) server. I will leave the how “remotely power on” to the reader to figure out and focus on the other part. The easiest way to accomplish it is by using a program called: dracut-crypt-ssh. $ yum install dropbear dracut dracut-network openssh libblkid-devel gcc $ git clone https://github.com/dracut-crypt-ssh/dracut-crypt-ssh.git $ cd dracut-crypt-ssh $ ./configure $ make $ sudo make install After compiling and installing dracut-crypt-ssh configure grub to instruct dracut to add networking to initramfs: …