On 14/02/2026 12:34, Crystal Kolipe wrote:
> On Sat, Feb 14, 2026 at 07:01:52AM +0000, [email protected] wrote:
>> On Sat, Jan 24, 2026 at 04:21:28PM +0000, Crystal Kolipe wrote:
>
> That is just a statement about 'other operating systems'.
>
> OpenBSD is not 'other operating systems'.

For fuck's sake guys, you're getting so abstract in this discussion you totally lost the point.

You have two choices:

1) If running *dedicated*, find a server/provider which either offers a remote KVM access or at the very least a remote IPMI text console, ideally over ssh. Example: Newer entry dedicated from OVH come with text IPMI over ssh. If the dedicated you're using doesn't have that and you need it, change the server. This way you can simply use the very standard FDE, be it OpenBSD with softraid:crypto or FreeBSD with geli with/without zfs. Just change the main password after booting and logging on for the first time.

2) If running *collocated*, build yourself a secure system from scratch. Look for an appropriate server base. Even small entry level Dell (the R220-240 line is a fine choice) and Fujitsu models offer out-of-band access, which will usually "cost" you an extra Ethernet port at the DC. One port is your production port. The other is the out-of-band access one. Of course out-of-band invites a new set of problems, but you can run them simple with exposed ssh only, and a tight IP range whitelist for the IP it runs on. If problems, log on via ssh, enable other access channel, do the work, revert to secure ssh only. This way if rebooting the server you can out-of-band access, via web VNC, via ssh, via anything else.

This gives you:

1) an ability to buy and use self-encrypting SSDs. Those early pre-OPAL Intels are a good choice as each encrypts their data independently. Intel SSD 525 or S3500 are good examples.

2) FDE however you want.

= two layers of encryption right there, add more with more volumes independently encrypted.

There. Solved. No chop. No half measures. Nothing exposed.

Sadly, proper security costs and isn't convenient. Nothing of quality ever is, eh.

Happy to answer further questions. Running several of such servers.

Thanks.
PG

