Fellow selfhosters, do you encrypt your drives where you put data to avoid privacy problems in case of theft? If yes, how? How much does that impact performance? I selfhost (amongst other services) NextCloud where I keep my pictures, medical staff, … in short, private stuff, and I know that it’s pretty difficult that a thief would steal my server, buuut, you never know! 🤷🏻‍♂️

  • @[email protected]
    38 months ago

    This answer here covers it quite nicely imo.

    https://unix.stackexchange.com/questions/5017/ssh-to-decrypt-encrypted-lvm-during-headless-server-boot

    It is important that you update your initramfs with the command after you have edited the dropbear initramfs config and/or copied the key over.

    For the client it is important to define 2 different known hosts files since the same host will have 2 different host keys, 1 when encrypted with dropbear, and 1 when operational with (usually) sshd.

    Also you need to use root when you connect to your server to unlock it. No other user will work with the default setup.
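
The client-side setup described in the comment above, written as a `~/.ssh/config` fragment. This is an added example, not part of the original comment; the host name, the aliases, the file names and the dedicated unlock key are assumptions.

```sshconfig
# Constructed example: server.example.lan, both aliases and all file
# names are placeholders, not values from the thread.

# Stage 1: dropbear inside the initramfs, reached only to unlock the disk.
# It presents its own host key, so it gets its own known-hosts file.
Host server-unlock
    HostName server.example.lan
    # Only root works with the default dropbear initramfs setup.
    User root
    UserKnownHostsFile ~/.ssh/known_hosts.initramfs
    # Assumption: a key used only for unlocking, whose public half is
    # the one copied into the dropbear initramfs configuration.
    IdentityFile ~/.ssh/id_ed25519_unlock
    IdentitiesOnly yes

# Stage 2: the regular sshd once the system has booted.
Host server
    HostName server.example.lan
    # Placeholder for your normal login account.
    User myuser
    UserKnownHostsFile ~/.ssh/known_hosts
```

With the two stages pinned in separate files, host key checking stays enabled for both, so an unexpected key change in either stage still produces a warning instead of being lost among routine mismatch errors.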

    • @[email protected]
      8 months ago

      I was actually using my own user account instead of root, but now that you mention it… I’m not sure how that would even work so yeah that makes sense.

      I did rebuild the initramfs after every change but did not manually copy the key file anywhere other than etc.

      Will check out the link tomorrow. Thanks a lot for sharing!

      Edit: tried again with root and it worked flawlessly :D