Comment on Help wanted: best Home server, Nextcloud, Atomic setup with DynDNS?
boredsquirrel@slrpnk.net 2 months agoYes the threat model is people pulling out the drive, of course.
How should they get access to the server when it is running? You still need to connect to it and log in, which wouldnt be the case.
poVoq@slrpnk.net 2 months ago
It is possible that people get access to your server while it is running via known or unkown software vulnerabilities, but that isn’t really the point… all I am saying is that if you host your server at home, it is unlikely that at-rest disk-encryption does you any good and it certainly doesn’t help to protect against illicit remote access.
What it does “help” is preventing you from remotely accessing your own server if it rebooted for some reason… and many other such footguns that you will experience sooner or later.
boredsquirrel@slrpnk.net 2 months ago
Yes this is true. That is why a separate method would be needed, to log into and hand the password to the LUKS decrypt of the server.
I heard Debian can do this with ssh in the initramfs?
Sounds like a hella pain of course.
Alternatively I thought about using a security key to unlock, and in scenarios where I am worried about getting hardware stolen, I can pull it out and need to manually enter the password.