For years now, I've been setting up my FreeBSD servers with GELI encrypting nearly the entire disk (except for boot stuff). Long ago I did this manually, but in recent years I've been letting the standard FreeBSD installer process do it for me. When the machine powers up, it boots as far as requesting the GELI password for the disks. I physically walk to the machine, turn on the monitor, and type in the password. This is more or less all that I use the monitor and keyboard for - barring connectivity issues or whatever, I interact with the server almost exclusively through the network. And this is the way I like it - my main goal here is to prevent the disks' data from being read if they (or the whole machine) get stolen or some such thing.
I am soon going to be setting up a new server. The machine has a VGA port that I guess I can plug a monitor into (if VGA monitors still exist, lol), and USB ports that I can plug a keyboard and a FreeBSD installer thumb drive into, so installing won't be an issue. However, after installation, for day-to-day operation, I would kind of like to not even have the keyboard and monitor physically present. So I'm wondering: Is it possible to set it up so that when the machine powers up, I can somehow access it via the network in a way such that I can enter the GELI password, instead of needing to physically go there and hook up a keyboard and monitor? If so, how?
To be clear, if possible, I'd like to still have the option to enter the password via a physical keyboard and monitor too (for "emergency" cases when the network's down or whatever).
In case it matters, I will almost certainly be waiting for the imminent release of 14.0.
Thanks in advance.