Remotely unlocking an encrypted hard disk with systemd initrd on Arch
2 months ago
- #System Administration
- #Linux
- #Security
- The author describes a setup where they remotely access their home desktop via SSH to save battery on their old ThinkPad.
- They face issues when their home loses power or the desktop's public IP changes, problems they previously solved with BIOS settings and Tailscale.
- After installing Arch with an encrypted boot partition, they propose embedding Tailscale in the initramfs to allow remote unlocking.
- Initramfs is explained as a small OS loaded into memory during early boot, capable of running services like systemd.
- The plan involves setting up networking, Tailscale, and an SSH server (Dropbear) in the initramfs, with security measures like ACLs and non-expiring keys.
- Detailed steps include configuring systemd services, Tailscale tags, Dropbear settings, and network setup for Ethernet.
- The author concludes by emphasizing the power of creative solutions in computing.