Linux Disk Encryption - Remote Unlocking at boot
If you have a encrypted root partition, it usually requires access to the console to enter the passphrase. Even if you have the root partition unencrypted and have you sensitive data on a different encrypted partition, that you manually mount after SSH is available. You still have to deal with starting services after said manual mount. There are a number of remote unlocking tools (luksrku, mandos, tang/clevis), which attempt to solve this problem, by having a service running a trusted network to provide the decryption key....