Some very good thoughts which I like.
Your understanding is also correct.
I thought it would not be possible to remotely access an encrypted operating system? I thought I would have to remote into an unencrypted OS such as Ubuntu, then enter the encryption key for the second OS from there.
So...