You can unlock your rootfs on bootup from remote, using ssh to log in to the booting system while it's running with the initramfs mounted.
For remote unlocking to work, the following packages have to be installed before building the initramfs: dropbear
busybox
The file /etc/initramfs-tools/initramfs.conf
holds the configuration options used when building the initramfs. It should contain BUSYBOX=y
(this is set as the default when the busybox package is installed) to have busybox installed into the initramfs, and should not contain DROPBEAR=n, which would disable installation of dropbear to initramfs. If set to DROPBEAR=y, dropbear will be installed in any case; if DROPBEAR isn't set at all, then dropbear will only be installed in case of an existing cryptroot setup.