automate rebooting of machines with encrypted file-systems

Mandos

• Install "mandos" package on a server that will distribute encrypted keys

apt-get install mandos

• Install "mandos-client" package on clients, which will contact mandos server to retrieve keys to decrypt local FS

apt-get install mandos-client

• On client machine:

  • generate key using "mandos-keygen --password" command

debian:~# mandos-keygen --password

Enter passphrase: 

Repeat passphrase: 

[debian.local]

host = debian.local

fingerprint = C745DFC8B88B858AB3752A614CAF3D713EC035B5

secret =

    hQIOA//X7BxAFgg4EAf/ZOQxCHpyx3P0+adJYBEg6bUMjnaKOzFSdpNEoVJAbaQg

    u38RhbmOlAZ/KLq4mlsh7Kj5mk4izUF79HmpxalNUg4K0Kli5UgNUI9x8siauUHo

    o7YckA+83u+Z5G04qm+NZ7wzB6U0n8f8ajsqDDFndMlvi8c6gepSUzlmsQDhGcqY

    Y+QH4I6AUMKTd6+2sodmCl+v8O1XpKKypCahMCBD+nHkBeXNN94EzFU2oWVISUW3

    wogXdlXnQlo5zbHrAHAHlcPOwkI52C79LEW+H93xqe41IKrSmZHwo6W5/Ml7GUPF

    UaSZDhnssiaoL2V0UXvVJRDPa+k6od7uEVHUDM2fcwgAh7T4kOlYjZU3ZazfKgnp

    gz9PqQu8iReMGOqcJos05Xlcay2Ebf2Mt+t5WHv22aXiJ3vvjJZighpPcn2idHQz

    eQrdR5zEimpGW5jBzlygo8Gks34fQzRQp/CFSg9kytcfs2hSglULKO9Rw5aSqstl

    yMWNJFNp2SQ4SD0ray6wkBAUaIQ98lX3CtsyQZjsAlXYApziHQygqx23xAJdZIDf

    oGCmcmu1PcmteIyuW7aiDd3rahJhpnpc5petKEoYbEfLixZY0olINI+pTrb/9xOC

    FhvgNL4ErZFOWIgvtO73EKJ0+Zwf7edwNueuRGmTs8kEpRZoBYa2ls3hKdxewVI/

    e9KwAf3cQYnuAOZQsT3tC3IVRoN+TxdQizIMVOt3/em6LDpCXx0bUPmt7rxd7xwU

    xFViM4m/xpmaHmDgq3NC96MOLJZngpcW9Sdan3XvGJJFVBOngapTMB3H9WZAj/Mn

    w7FzNtvWmzBhn3o6d1XQgJUCy+iTooqrRONLakuCn4xJoaRTL7QROCEejDYRNlLt

    ful4+IpV8x53NkhnIGIc9gNpZKnwuQAoxh5gafPra8rgOHw=

debian:~# 

• On server machine:

  • Paste the output of the above command in server's /etc/mandos/clients.conf file