Score:0

Decrypt LUKS partition automatically if part of a defined network?


I have an Ubuntu 22.04 server running at home with LUKS-encrypted root and data partitions. At the moment I have to type in the passphrase to unlock the partitions, which prevents unattended reboots (e.g. to ensure an up-to-date system).

I know there is a solution based on Tang server/client setup but this approach requires an additional device to be running 24/7.

I would like to have a single-device solution, like getting the partitions unlocked automatically as long as the server is part of my local network, e.g. if there are multiple network devices present, identified via MAC addresses. I know the key might not be super strong, but the risk of getting the device stolen and all MAC addresses noted is a lot smaller than having an unpatched system running for several days until patched every now and then.

An alternative idea would be to read a key file from an SMB-share (my router supports such a network drive).

Any ideas?

vidarlo
Tang can run on a RPi Zero. It's probably the easiest way to make this work. Unless you have some device that stores the key *apart* from the server, you don't have security, merely obscurity.
Michael
Yeah, using a Pi would be my fallback if no OOTB solution is available, but it would be another system to keep maintained. Relying on the presence of other network devices or a remotely read key file would be _apart_. I wouldn't consider storing the key file on the local boot partition for sure. :D
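
The MAC-address idea from the question, sketched as an added example (not code from the thread or from any project mentioned in it): the key is derived only from addresses that every host on the LAN can observe, plus a salt that would have to sit on the unencrypted boot partition. The salt, the MAC values and the function names are constructed for illustration.

```python
import hashlib
import re

# Constructed sample values, not taken from the thread.
SALT = b"constructed-per-volume-salt"  # hypothetical; readable on the unencrypted /boot
NEIGHBOURS = ["AA:BB:CC:00:11:22", "aa-bb-cc-33-44-55", "aabb.cc66.7788"]


def normalise_mac(mac: str) -> str:
    """Reduce colon, dash or dotted MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def derive_key(macs, salt: bytes = SALT) -> bytes:
    """Derive a 32-byte key from the set of MACs currently seen on the LAN.

    Sorting and de-duplicating makes the result independent of discovery
    order and notation. Every input is either broadcast on the network or
    stored next to the encrypted volume, so no part of it is secret.
    """
    material = ",".join(sorted({normalise_mac(m) for m in macs})).encode()
    return hashlib.pbkdf2_hmac("sha256", material, salt, 200_000, dklen=32)


if __name__ == "__main__":
    enrolled = derive_key(NEIGHBOURS)

    # Anyone who has listed the same neighbours, in any order or notation,
    # and read the salt from the boot partition rebuilds the identical key.
    observed = ["aabb.cc33.4455", "AA-BB-CC-66-77-88", "aa:bb:cc:00:11:22"]
    print("observer rebuilds key:", derive_key(observed) == enrolled)

    # One enrolled device being offline at boot changes the key, so the
    # unattended unlock fails and the passphrase prompt is back.
    print("unlock with one device offline:", derive_key(NEIGHBOURS[:2]) == enrolled)
```

A slow KDF does not help here: it raises the cost of guessing unknown input, and none of this input is unknown to someone on the network.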