I have successfully followed the instructions from Full-Disk Encryption With cryptsetup/LUKS and got the setup working for local unlocking.
However, I primarily want to unlock servers, to each of which a Nitrokey shall be connected, via “remote unlocking”. Remote unlocking via ssh works in general, but not when using “keyscript=decrypt_gnupg-sc”. I assume it conflicts with the already ongoing decryption attempt.
As soon as the decryption retries fail due to the non-entered Nitrokey PIN, the dropbear connection is closed.
I hope I am not the first one trying remote unlock with GPG keys for the root LUKS partition, so I am wondering if there is already a solution out there.