Remotely unlock LUKS root volume via SSH

Hi,

my root fs is LUKS encrypted. Is there any way I can set up Clear Linux so that it connects to the network on boot, starts an SSH server and lets me input the password via SSH?

I’m basically looking for something like these solutions:

Paging @eadams who might have something clever to share.

This was discussed a little here, and it was decided that this was not something that was going to be a Clear Linux solution:

I found two other ways to do this that don’t cost too much money, and you might already have the equipment on hand. I accomplished this by taking an old Android OnePlus One phone and flashing a custom firmware that had USB gadget mode enabled in the kernel. I then rooted the phone and used a program called hid-gadget-test to send keystrokes to the computer. I used a ROM called “nameless” that already had the kernel compiled with this option. Finally, I installed a Simple SSH server that always listens and opened up a port on my router to be able to ssh to that phone. The phone gets charged from the USB port and can send keystrokes as well. I even put a long passcode on that phone out of an abundance of caution. To complete the setup, I put the computer I care about on a WeMo switch and changed the BIOS so that the computer boots up once power is applied. That way, if anything happens in the reboot, I can remotely kill power to the switch using the WeMo app and it will boot up to the LUKS encryption prompt.

You could also do this with certain revisions of a Raspberry Pi: https://learn.adafruit.com/turning-your-raspberry-pi-zero-into-a-usb-gadget/overview. You may be able to use an old NUC as well, but I am pretty sure you need that USB port to support USB OTG for this to work; it has been a while since I set this up. This type of setup would work with any OS and you don’t have to modify any kernels.

Thanks for the feedback. I’m really not looking for alternatives; I happen to own a KVM over IP device. The thing is that in my mind I shouldn’t have to use any kind of hardware for remote unlocking; there’s an existing software solution for this.

To be clear, what’s the software solution you’re thinking of?

Any of these:

There are plenty more implementations floating around the internet.