@timabell
Last active August 29, 2015 13:57
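#!/bin/bash
# Remotely unlock a LUKS-encrypted root filesystem through the dropbear SSH server in the initramfs.
# Based on: http://blog.nguyenvq.com/blog/2011/09/13/remote-unlocking-luks-encrypted-lvm-using-dropbear-ssh-in-ubuntu/
host=pink
timeout=35
# A separate known_hosts file keeps the initramfs (dropbear) host key apart from
# the booted system's host key for the same hostname.
echo "ssh'ing to $host to unlock luks. Wait $timeout secs for password prompt"
# Step 1: kill the cryptroot script that is waiting for the passphrase on the console.
# The heredoc is unquoted: $timeout expands locally, while the escaped \$pid and
# backticks are evaluated on the remote side. The cut assumes the PID is the third
# space-separated field of the initramfs ps output.
ssh -o "UserKnownHostsFile=~/.ssh/known-initram" "root@$host" << EOF
pid=\`ps | grep "/scripts/local-top/cryptroot" | grep -v "grep" | cut -d " " -f 3\`
echo "Found pid(s) of cryptroot: \$pid"
kill -9 \$pid
echo "Waiting $timeout secs for wait-for-root script to time out..."
sleep $timeout
EOF
# Step 2: run cryptroot again; -t allocates a TTY so the passphrase prompt works over SSH.
echo "sshing for password..."
ssh -t -o "UserKnownHostsFile=~/.ssh/known-initram" "root@$host" '/scripts/local-top/cryptroot'
# Step 3: kill the /bin/sh processes left in the initramfs.
echo "sshing to kill shell"
ssh -o "UserKnownHostsFile=~/.ssh/known-initram" "root@$host" << EOF
pid=\`ps | grep "/bin/sh" | grep -v "grep" | cut -d " " -f 3\`
kill -9 \$pid; exit
EOF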

Urdan commented Nov 7, 2014

[EDIT] I see where this applies now # http://blog.nguyenvq.com/blog/2011/09/13/remote-unlocking-luks-encrypted-lvm-using-dropbear-ssh-in-ubuntu/ - If you have a yubikey solution I would still appreciate your help on that. [/EDIT]

Could you please explain how this works? I understand that I can use this from the client to log into a dm-crypt + LUKS encrypted remote server. In my case it's Mint 14.04, and I don't need to do anything on the server side other than setting up ssh access for the client. Running this script will allow me to remote into the encrypted server without having to physically go to the server and type in the dm-crypt + LUKS password. I assume that I can also log in with a username that has sudo rights. Could you please advise?

Also, is there a way that I can use my Yubikey with this? I've purchased a couple and haven't ever used them and I didn't want to set up yubikey on the server unless I could access it remotely without someone having to be physically present to activate the yubikey. Thanks.
