this post was submitted on 07 Dec 2023
45 points (100.0% liked)

Selfhosted

60482 readers
1128 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

  8. AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
 

Hi there ! I have a little box at home, hosting some little services for personal use under freebsd with a full disk encryption (geli). I'm never at home and long power outage often occurs so I always need to come back home to type my passphrase to decrypt the disk.

I was searching this week a solution to do it remotely and found the "poor-guy-kvm" solutions turning a Raspberry like board (beaglebone black in my case) in a hid keyboard. It works fine once the computer has booted but once reboot when the passphrase is asked before it loads the loader menu, nothing. When I plug an ordinary USB keyboard I can type my passphrase so USB module is loaded.

Am I missing something ? Am I trying something impossible ?

(I could've asked on freebsd forum but... Have to suscribe, presentation, etc... Long journey)

you are viewing a single comment's thread
view the rest of the comments
[–] markomas@lemmy.world 14 points 2 years ago (1 children)

Hi, Why not to do little bit diffrently?

  1. Server boots into unencrypted kernel with ssh server (it has just that ssh server)
  2. Then you connect remotely via ssh and provide password (unlock encrypted disks etc)
  3. Then system boots to encrypted environment which you unlocked at step 2
  4. profit

No second pc/raspberry is required

I have this done with luks on Debian: https://hamy.io/post/0009/how-to-install-luks-encrypted-ubuntu-18.04.x-server-and-enable-remote-unlocking/ I think you can adapt something similar to your freebsd

Quick google search found:

https://forums.freebsd.org/threads/encrypted-root-with-unencrypted-preboot-and-reboot-r.74378/

https://github.com/Sec42/freebsd-remote-crypto

[–] Jean_Mich_Much@jlai.lu 4 points 2 years ago (1 children)

Shit, i totally missed this one, maybe not searching with good keywords... Thanks a lot, I've read fast for the moment so it doesn't seems to be fully encrypted but scenario in the forum and solution proposed can answer my needs (sorry for bad English ). Thanks !

[–] Appoxo@lemmy.dbzer0.com 2 points 2 years ago

The key to a good search is to know what your are looking for.

If you know what you are looking for
I know how you feel brother.
At least we have the awesome members of the community showing us the other options!