On Sat, Feb 14, 2026 at 01:38:10PM +0100, Peter G. wrote: > On 14/02/2026 13:19, Crystal Kolipe wrote: > > If the OP would otherwise be happy with an initramfs dropbear install on a > > linux system, what you propose would be something of a sledgehammer to > > crack a > > nut. > > One of you already very well explained dropbear or similar chop is an > insecure half-measure, explaining the MITM possibly. Do you want a > secure solution or do you want to talk yourself into cozy denial you're > doing fine?
I already addressed this in my first reply: On Sat, Jan 24, 2026 at 04:21:28PM +0000, Crystal Kolipe wrote: > If you have a specific threat model that you are trying to protect against, > and you believe that the only thing preventing you from doing that is the > inability to enter a passphrase at the bootloader without being at a keyboard > which is physically connected to the server, this suggests to me that your > logic is flawed elsewhere. So it might be worth explaining exactly what you > are trying to do. Without further input from the OP, I don't see any point in continuing this discussion. Actually, I don't see much point in continuing it even with further input from the OP, because a variety of solutions have already been proposed. This whole thread seems suspiciously like one of those, "I think that I need a level of security for my little home server project that goes beyond what most commerical users of OpenBSD have. The Linux world promises that I can get that in an easy and convenient way, yet it's not possible to do on OpenBSD.", misunderstandings. Not everyone has an unlimited budget, nor the experience to confidently set up a complicated remote server configuration. IFF they were already satisfied with a fundamentally flawed system on another platform then it's much better to explain why that system was fundamentally flawed and the futility of what they are trying to do, than to sell an over the top solution which is likely not an option for budget reasons anyway. Otherwise the most likely outcome is that they will: * Spend a lot of money. * Set up a system that is complicated beyond their comfort level to administer. * Mis-configure it because of a lack of knowledge, experience, and other people to ask for advice, (because the system is oddball). * End up with a warm fuzzy feeling that it's 'secure' just because it's complicated and has a lot of flashing lights and funky non-standard hardware. * Realise some time later that a mis-configuration actually left it wide open, in some non-obvious way. > 2) No problems I can think of running collocated. Think harder :-).
