To make it even harder for predatory institutions to find your keys.
Use autossh and a systemd service…
LUKS partitions cannot be recovered once the header is lost.
No need to enable full login shell if the only intended usage is proxying.
No need to enable full login shell if the only intended usage is tunneling.
Useful in specific situations.
So easy to encrypt a USB key, or external or internal drive!
So that only your session password is needed.