On Sun, May 26, 2024 at 08:33:59PM +0100, 04-psyche.tot...@icloud.com wrote: > Is there any way to use disk encryption without having physical access to > the device?
Yes, it is possible. But I think you are talking about full disk encryption and want to enter a passphrase at the bootloader prompt. > - is there a way to enter the encryption passphrase via ssh? To enter a passphrase at the boot prompt you need to set up remote access to the console of that device. Depending on the setup you have, this might be easy, difficult or impossible. If that is not an option, one possibility is to do a regular non-encrypted installation and create a softraid crypto volume just for storing specific data. This can then be mounted from a regular ssh session after the kernel has booted. It's also possible to hard-code a passphrase in the bootloader code. We have used this technique for years for local development machines that need to be running the softraid code but are otherwise not storing data that needs to be protected by a passphrase. These two ideas can also be used together.
