I'm interested in encrypting/securing a server that I'm only going to have
remote access to. Since somebody else will be setting it up, the best I have
been able to come up with is to have it set up with a normal LVM scheme, then
add an encrypted tmp, home and swap which I would mount/activate manually.

I toyed with unlocking the root fs via ssh with busybox/dropbear, but I
could never get it to work right. Plus, as I understand it, LUKS uses the
initial passphrase for encryption, so even if you revoke that key and create
another one, it's still a rather huge security issue.

Does anybody else have any ideas? Do I need a /var/tmp as well or could I
bind mount tmp to both?

And yes, I know all of the issues that come with a machine not being
physically secured, but I figure I should do what I can anyway, eh?
