I have LUKS set up on my server and it is kind of annoying to type the password at reboots (mostly power outages). Strictly speaking I do not need the LUKS, but I feel it's good to have anyway. I was thinking of getting a YubiKey and just leaving it on or at least telling a trusted family member where to get it and to plug it in when turning it on.

Has anyone overcome a similar setup or issue?

For some clarity, I am not a pro and the homelabbing is mostly just a learning experience for me.

  • excess0680@lemmy.world
    3 days ago

    I’ve set this up although I can’t post the exact steps since it’s been so long ago. Here’s a summary.

    Have a machine on the same network as the server. Set up dropbear-initramfs on your server to have an SSH server enabled on the LUKS unlock screen. You’ll have to set the SSH login command to unlock LUKS in authorized_keys. Then when you need to unlock your server from boot, use ssh with the -J option to jump to the server. Important here: use the local server IP address with respect to the secondary machine. e.g. ssh 192.168.1.1 -J secondary

    In that example, 192.168.1.1 is your server address accessible from your secondary machine.

    You can unlock remotely through this as well. I’ve set up Tailscale and can unlock my server when I need to reboot for kernel upgrades.
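
Added example, not part of the comment above or of the dropbear-initramfs project: a shell helper for the authorized_keys step the comment summarizes, which writes a key entry pinned to the unlock command and flags any key in the file that would still get a pre-boot shell. It assumes the Debian/Ubuntu file location and the cryptroot-unlock helper from cryptsetup-initramfs; the function names and the sample keys are constructed for illustration.

```shell
#!/bin/sh
# Assumed Debian/Ubuntu path; older releases use /etc/dropbear-initramfs/authorized_keys.
KEYS_FILE="${KEYS_FILE:-/etc/dropbear/initramfs/authorized_keys}"
UNLOCK_CMD="cryptroot-unlock"
OPTS="no-port-forwarding,no-agent-forwarding,no-X11-forwarding"

# Print an authorized_keys line that forces the unlock command for one public key.
unlock_entry() {
    printf '%s,command="%s" %s\n' "$OPTS" "$UNLOCK_CMD" "$1"
}

# Print every key line that is not pinned to the unlock command.
# Returns 0 when all keys are pinned, 1 otherwise.
audit_keys() {
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;
            *"command=\"$UNLOCK_CMD\""*|*"command=\"/bin/$UNLOCK_CMD\""*) ;;
            *) printf 'unrestricted: %s\n' "$line"; bad=1 ;;
        esac
    done < "$1"
    return "$bad"
}

# Demo on constructed input: one pinned key and one bare key (placeholder key material).
demo() {
    tmp=$(mktemp)
    unlock_entry "ssh-ed25519 AAAAC3constructedKeyA admin@laptop" > "$tmp"
    echo "ssh-ed25519 AAAAC3constructedKeyB old@desktop" >> "$tmp"
    if audit_keys "$tmp"; then
        echo "all keys pinned to $UNLOCK_CMD"
    else
        echo "fix the lines above, then rebuild with: update-initramfs -u"
    fi
    rm -f "$tmp"
}
demo
```

On a real server, run audit_keys "$KEYS_FILE" as root before rebuilding the initramfs, since the file is copied into the unencrypted boot image as-is.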