Exactly, that's why the password shouldn't be on the server, but having to type it in every time is inconvenient. Nothing I've been able to think about is secure so I was asking.
I also understand that any attacker gaining access to the server while it's running (the usual scenario) gets access to the unencrypted file system so maybe it doesn't make much sense to encrypt servers. Still I'm curious.
> Exactly, that's why the password shouldn't be on the server, but having to type it in every time is inconvenient. Nothing I've been able to think about is secure
That’s what I said to a friend of mine when we had numerous servers with encrypted disks and frequent power outages requiring us to type in passwords. He then suggested many different schemes to fix this, each of which I shot down as being insecure. Then he came up with something which I couldn’t shoot down, and he made a first proof-of-concept implementation, which is how Mandos¹ got started. This was many years ago; Mandos has since become available in Debian and Ubuntu; just do "apt-get install mandos".
