Remote unlocking of LUKS root with Nitrokey GPG key

I have successfully followed the instructions from Full-Disk Encryption With cryptsetup/LUKS and got the setup working for local unlocking.

However, I primarily want to unlock servers via “remote unlocking”, each of which shall have a Nitrokey connected to it. Remote unlocking via ssh works in general, but not when using “keyscript=decrypt_gnupg-sc”. I assume it conflicts with the already ongoing decryption attempt.

As soon as decryption retries fail due to non-entered Nitrokey PIN, the dropbear connection is closed.

I hope I am not the first one trying remote unlock with GPG keys for the root LUKS partition, so I am wondering if there is already a solution out there.

May I ask what’s the advantage of doing this? I assume the key is always plugged in to the server. To unlock it, you need manual user interaction anyway, why not just use a super secure password instead?

(I’m a noob, honest question)