Windows does bitlocker and works pretty well. Depending on what you’re trying to do this may be a good solution.
this post was submitted on 22 Nov 2023
1 points (100.0% liked)
Homelab
22 readers
1 users here now
Rules
- Be Civil.
- Post about your homelab, discussion of your homelab, questions you may have, or general discussion about transition your skill from the homelab to the workplace.
- No memes or potato images.
- We love detailed homelab builds, especially network diagrams!
- Report any posts that you feel should be brought to our attention.
- Please no shitposting or blogspam.
- No Referral Linking.
- Keep piracy discussion off of this community
founded 1 year ago
MODERATORS
If someone physically has your disks unless you have on the drive encryption your fucked. Even then I dunno. If it was created by humans it can be cracked by humans.
Maybe better to move server to undisclosed location like a bank vault.
I do this with ZFS using a Keyfile and a script that runs at boot to unlock/mount.
I put the keyfiles on a USB drive. (Make sure you have backups!) This USB drive is hidden, I won't go into details on how I did that, several ways to do that, you can get pretty creative.
If someone steals my server, they need to know where I hid my USB, or they won't be able to get to any of the encrypted datasets.
If you use luks, you can just add dropbear to have a ssh-server running and enter your password there.
That sounds like exactly what fits my situation. Thanks!
Depends what you want to do, there are a few alternatives for luks. TPM, nbde server, dropbear-ssh, usb key, yubikey.
You can use any combination of the above with password being a fallback.
dropbear-ssh is what I'm looking for. thanks!