Debian: Unlock LUKS root partition remotely by SSH using dropbear

arminpech.de
  • You want to unlock a system remotely during the boot process.
  • Your root partition is an LVM volume.
  • Your LVM setup is fully encrypted with LUKS.
  • You’re running Debian 10 or above (buster, bullseye, bookworm) on the remote system.

This tutorial describes an option to unlock your system remotely using SSH and dropbear.

apt-get install -yy dropbear-initramfs cryptsetup-initramfs lvm2

# Configuration directory and files for dropbear changed in Debian 12
DROPBEAR_DIR=/etc/dropbear/initramfs
DROPBEAR_CONFIG=$DROPBEAR_DIR/dropbear.conf
if [ "$(cut -d. -f1 /etc/debian_version)" -lt 12 ]; then
  DROPBEAR_DIR=/etc/dropbear-initramfs
  DROPBEAR_CONFIG=$DROPBEAR_DIR/config
fi

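# -s: no password logins; -j -k: no port forwarding; -c: force cryptroot-unlock as the session command
echo 'DROPBEAR_OPTIONS="-RFEsjk -c cryptroot-unlock"' > "$DROPBEAR_CONFIG"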

# Add your local SSH public keys to dropbear's authorized_keys file to allow password-less logins
echo '<YOUR_PUBLIC_KEY>' > "$DROPBEAR_DIR/authorized_keys"

# Check if /etc/crypttab contains an entry like below;
# LUKS volume and device names vary depending on your configuration and hardware.
#   sda2_crypt /dev/sda2 none luks,initramfs
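The three files written and checked in the steps above can be verified before rebooting, since a mistake in any of them leaves the machine waiting at the passphrase prompt with no way in. The following is an added example, not part of the original tutorial: the function names are hypothetical, the sample files in demo() are constructed, and the list of accepted key types is an assumption to adjust to your dropbear version.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Function names are
# hypothetical and the sample files written by demo() are constructed.

# Succeeds if DROPBEAR_OPTIONS in file $1 has -s, -j, -k and "-c cryptroot-unlock".
check_dropbear_options() {
  opts=$(sed -n 's/^DROPBEAR_OPTIONS="\(.*\)"$/\1/p' "$1" | tail -n 1)
  flags=
  for word in $opts; do
    case $word in
      -c) break ;;                     # everything after -c is the forced command
      -*) flags=$flags${word#-} ;;     # collect bundled flags such as -RFEsjk
    esac
  done
  for f in s j k; do
    case $flags in *"$f"*) ;; *) return 1 ;; esac
  done
  case " $opts " in *" -c cryptroot-unlock "*) ;; *) return 1 ;; esac
}

# Succeeds if file $1 has at least one key line and every key line holds a
# key type followed by a base64 blob (catches a leftover <YOUR_PUBLIC_KEY>).
check_authorized_keys() {
  awk 'NF && $1 !~ /^#/ {
         ok = 0
         for (i = 1; i < NF; i++)
           if ($i ~ /^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp[0-9]+)$/ &&
               $(i + 1) ~ /^AAAA/) ok = 1
         if (ok) good++; else bad++
       }
       END { exit !(good > 0 && bad == 0) }' "$1"
}

# Prints the crypttab ($1) mapping names whose options include luks and initramfs.
crypttab_initramfs_entries() {
  awk 'NF >= 4 && $1 !~ /^#/ && ("," $4 ",") ~ /,luks,/ &&
       ("," $4 ",") ~ /,initramfs,/ { print $1 }' "$1"
}

demo() {
  d=$(mktemp -d) || return 1
  echo 'DROPBEAR_OPTIONS="-RFEsjk -c cryptroot-unlock"' > "$d/dropbear.conf"
  echo 'ssh-ed25519 AAAAC3constructedSampleKeyOnly admin@laptop' > "$d/authorized_keys"
  printf '# name device keyfile options\nsda2_crypt /dev/sda2 none luks,initramfs\n' > "$d/crypttab"
  check_dropbear_options "$d/dropbear.conf" && echo "dropbear options: ok"
  check_authorized_keys "$d/authorized_keys" && echo "authorized_keys: ok"
  echo "unlockable in initramfs: $(crypttab_initramfs_entries "$d/crypttab")"
  rm -rf "$d"
}
demo
```

On the real system, pass "$DROPBEAR_CONFIG", "$DROPBEAR_DIR/authorized_keys" and /etc/crypttab to the three functions instead of the constructed files.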

# Add network support to the initramfs; replace variables with your server's network configuration
# It's important