I've set up remote VPS systems with GELI disk encryption, including swap encryption, during FreeBSD 12.2 installation.
I've locked down SSH quite securely too so I presume now when remoting in, security is reasonably assured.
I want to address the possibility that within the VPS terminal's web interface, having entered the GELI passphrase there, it's within the realm of possibility that the passphrase could be intercepted.
I rarely intend to restart the server (and re-enter the GELI passphrase through the web interface). When I need to however, I'd like to afterwards be able to SSH in and change the passphrase so if anything was intercepted, it's effectively outdated.
How does one change the GELI passphrase to system wide encryption?
I've locked down SSH quite securely too so I presume now when remoting in, security is reasonably assured.
I want to address the possibility that within the VPS terminal's web interface, having entered the GELI passphrase there, it's within the realm of possibility that the passphrase could be intercepted.
I rarely intend to restart the server (and re-enter the GELI passphrase through the web interface). When I need to however, I'd like to afterwards be able to SSH in and change the passphrase so if anything was intercepted, it's effectively outdated.
How does one change the GELI passphrase to system wide encryption?