I keep a /crypt noauto partition that I mount manually by passphrase via ssh after the server is booted. And don't keep 'sensitive' info in other partitions...

On Mon, May 27, 2024 at 11:57 AM <04-psyche.tot...@icloud.com> wrote:
> Thanks all for your thoughts.
>
> Regarding the remote serial console access, unfortunately, it is not
> possible in my case.
> I do not have IPMI or something similar :(
>
> On Mon, 27 May 2024 at 08:17, Manuel Giraud <
> manuel_at_ledu-giraud_fr_rmp93abv53d47h_m6783...@icloud.com> wrote:
>
>> Stefan Kreutz <m...@skreutz.com> writes:
>>
>> > Can you access the machine's serial console, maybe redirected over IP?
>>
>> I concur that a remote serial console access (maybe via a web interface
>> serviced by your provider) is your best option here.
>>
>> I used to do (almost) FDE without console access but here is a list of
>> drawbacks/requirements:
>>
>> - It is not really FDE because / was not encrypted
>>
>> - It required patching /etc/rc with the patch at the end of this
>>   message
>>
>> - The "/root/sshd" from this patch is a self-contained sshd
>>   without the need of any external library. It is *not* a copy
>>   of /usr/sbin/sshd and you have to compile it yourself (and I
>>   don't remember how)
>>
>>
>> Best regards,
>> --
>> Manuel Giraud