I may be missing something in your use case. As long as you have the port forwarded you can decrypt from anywhere. Use pub key auth and you’re good to go
You’re just missing the part where I want to be on vacation without the need to find a decent Internet connection to boot my server because the power went off.
What’s the plus of encrypting the OS partition too?
Fair enough. Every service I run depends on encrypted data, so starting the machine without decrypting isn’t worthwhile in my case. I have to decrypt to get everything back up after power loss anyway.
Main advantages I’m aware of for full disc encryption are encrypted swap and system config. Overkill for some use cases so YMMV, but wanting to point out that decrypting at boot can be done.
You can decrypt via ssh at boot. I used dropbear to accomplish that on my machine
That’s interesting, but that won’t help if I’m away or on vacation on the other side of the world
I may be missing something in your use case. As long as you have the port forwarded you can decrypt from anywhere. Use pub key auth and you’re good to go
You’re just missing the part where I want to be on vacation without the need to find a decent Internet connection to boot my server because the power went off. What’s the plus of encrypting the OS partition too?
Fair enough. Every service I run depends on encrypted data, so starting the machine without decrypting isn’t worthwhile in my case. I have to decrypt to get everything back up after power loss anyway.
Main advantages I’m aware of for full disc encryption are encrypted swap and system config. Overkill for some use cases so YMMV, but wanting to point out that decrypting at boot can be done.