I'dont get prompt for passphrase for decrypt luks during boot.Instead it says 'error: device name required, press any key to continue"
Grub.cfg: http://pastebin.com/GZsuXp1y
kernel: linux-image-4.3.0-1-amd64
video with issue: https://www.youtube.com/watch?v=13ruhtUcwRo&feature=youtu.be
VM disk has 2 partitions:
sda1 with /boot
sda2 - luks encrypted
I have install a debian jessie in my laptop, i create a lvm volume with /, /home, etc and a /boot partition outside. the i move this partition to the lvm volume and boot from it, everything it´s okay and it works.
The problem is that wen boot it ask me the passphrase to load grub, and then, when grub loads the kernel, it ask me again the passphrase.
I read that i can pass a key file to the initramfs to solve this, but where i see it, he uses mkinitcpio, and i can´´t find this package in the debian repos, it an arch package, also i tried this option [URL] ...
But it asking me the passphrase 3 times, and the third fails, the sistem starts, but i read the fail in the log.
Is there any way to only have one passphrase prompt when using multiple LUKS partitions? Well there must be, as that's how Fedora does it - it asks you once, and tries that passphrase on every LUKS volume (with a nice plymouth prompt), I just don't know how to do that on Wheezy. Don't say I have to nuke my install and use LVM instead of regular partitions or put a keyfile on a USB stick. My partition layout is:
/boot (plain)
swap (luks)
/ (luks)
/data (2nd drive, luks)
So I get asked 3 times during boot.
A customer of mine has setup a Debian 5 system enabling root filesystem encryption without really needing it.As long as i have a remote access to the system, i have to ask for his interaction to input passphrase when we do need do a system reboot for a reason.One time the customer doesn't really need an encrypted FS, i ask:Is there any way to decrypt a luks fs? If not, or if it's hard, how do i generate a keyfile to be retrieved from /boot FS which is not encrypted?
View 1 Replies View RelatedEvery time I log in to my Fedora 13 system, I am prompted for my SSH pass phrase.
I would like to be prompted the first time I login after booting, but then have ssh-agent continue to run until I kill it or shutdown so I don't have to be prompted every time.
Where do I configure this?
Is it better to install LUKS to raw disk (/dev/sdb) or disk partition (/dev/sdb1)? What are best LUKS options?
"cryptsetup benchmark" output
Code: Select allPBKDF2-sha1Â Â Â 1310720 iterations per second
PBKDF2-sha256Â Â Â 862315 iterations per second
PBKDF2-sha512Â Â Â 590414 iterations per second
[Code] ....
Is slow hash better or how to choose it? It is clear that aes-xts is best choise. Is 265 bit key good?
I recently was given a system with an ASUS A8V motherboard, AMD Athlon 64 3000+ 1.8GHz CPU and one 60 GB SATA disk to which I added a 120GB IDE disk. As the disks are on different (built-in) controllers and are different speeds, I set up /boot, root and swap on the SATA disk, and then one big /home partition on the IDE drive, using the custom partitioning. If I install Fedora 15 32 bit (from DVD) with encryption enabled, I get prompted for the encryption passphrase during bootup as I would expect. If I install Fedora 15 64 bit (from DVD), I get that same prompt and the boot hangs. I can then bring up a serial console where I'll find a prompt for the same passphrase for the IDE drive. I can enter it and the boot will proceed.
I am now running F15 64 without encryption; I would like to get encryption working again but without having to enter the passphrase twice. Plus I figure that this *should* work the same under both the 64 and 32 bit versions. I have had to reinstall this system a few times, using both versions -- the behavior has been consistent.
I got a little problem upgrading my ubuntu-nas with some storage.I wanted to add a new harddrive to my lvm but I stuck before getting to this point.I want my harddisc to be encrypted before adding it to the lvm.I tried the following:
Code:
# sudo cryptsetup luksFormat /dev/sdb1 -y
WARNING!
========
This will overwrite data on /dev/sdb1 irrevocably.
Are you sure? (Type uppercase yes): yes
... and nothing happens. dmsetup ls returns nothing.
I looked into my shell 'profile' on my running lenny and copied the PS1 definition over to my [virtual] new squeeze machine, but astoundingly, the prompt does not change!
The prompt always remains to be like this:${debian_chroot:+($debian_chroot)}u@h:w$
This does definitively not stem from 'profile' and I cannot find, where it is defined and how I can override this. If I do it interactively, in a terminal [terminal running in Gnome], it works like expected. In that script, even if I use 'unset PS1',followed by PS1= ... / export PS1, it does not change,Someone with the knowledge and/or a good idea would be great!
I am getting more and more comfortable working with the shell, thus I would like to change its prompt color to my liking, as it will be easier for me to distinguish commands vs. outputs.
I've read a couple of instructions of how to change the .bashrc file and am familiar with what the codes in PS1 mean. Except, this file can be intimidating to newbie eyes.
Where exactly on the file is it that I need to make the change?
Here is what I am trying to do. I would like my prompt to like exactly like the prompt I use in Backtrack - which consist in two different colors, one for the host and another for the pwd. Here is what the Backtrack .bashrc file looks like:
# /etc/profile: This file contains system-wide defaults used by
# all Bourne (and related) shells.
# Set the values for some environment variables:
export MINICOM="-c on"
export MANPATH=/usr/local/man:/usr/man:/usr/X11R6/man:/usr/local/share/man:/usr/bin/man:/usr/share/man
export HOSTNAME="`cat /etc/HOSTNAME`"
[Code]....
I also read that in order to have the same results when I log in as root, I will have to copy the modified .bashrc file into /root
I installed 2.6.38 from backports. It boots OK, and among the start-up messages it says it has started kdm, but then it offers only a console login prompt, no GUI. I assumed (perhaps optimistically?) that newer kernels would be backward-compatible, and that any dependencies on other software would be enforced by the package mechanisms. Running amd64, Squeeze, KDE.
View 6 Replies View RelatedOn a Debian 5.0.8 I have a problem with OpenSSH server (sshd): when connecting to it from another host there is always a 10 seconds delay before sshd gives login prompt to the client. After the connection is established the communication goes on without any interruption. This long delay started to happen a few months ago and sshd_config was not changed at that time.
Here is a short description of the conversation between the putty client (on MS Windows) and sshd:
- putty client starts connection to sshd
- 10 s delay
- sshd returns "login as:"
- user types username in putty window
- sshd returns "password:"
- user types password in putty window
- sshd returns MotD and shell prompt
Here is a short description of the conversation between the OpenSSH client (on a Debian 6) and sshd:
- client does "ssh user@host.foo.bar"
- 10 s delay
- sshd returns "Password:"
- user types password
- sshd returns MotD and shell prompt
I tried connecting from:
- local host - NO DELAY
- a host on the same subnet - delay exists
- a host on another subnet - delay exists
I've found the following suggestions but to no avail (of course I restarted sshd after changing its configuration):
- on server put "UseDNS no" at the end of /etc/ssh/sshd_config
- in /etc/hosts on the server define mappings between IP addresses and host names for the ssh clients
- on client use "GSSAPIAuthentication no" in /etc/ssh/ssh_config
Here are some logs and configurations:
I'm trying to install debian on a encrypted partition with LUKS and LVM. I've found a good tutorial for ubuntu (here but it's in french). The idea is to create a sda1 partition for /boot and create a sda2 partition which is encrypted with luks ("cryptsetup -c aes-xts-plain -s 512 luksFormat /dev/sda2") and on this encrypted partition, I use LVM to divide it in several different partitions (root, swap, home,...).
I can do it all with the debian live cd but once it's done I need to install debian. The problem is that with the basic install cd (I use netinstall), I cannot decrypt the partition for the installation (or if I can how ?)And with the live cd, I didn't find any option to do that.
I had Ubuntu installed, i installed Debian and there was no dual boot. So i formated all the hard disk to install only Debian. It installed but at boot i get error: no such device and the grub rescue> prompt. i googled for a solution and nothing worked:
- i tryed reinstalling grub, not worked
- i did the windows cd fixmbr trick, not worked
- reinstalled debian with fixmbr the first step and nothing
- tryed deleting with dd the mbr, not worked
- reinstalled grub from debian rescue, not worked
what should i do? i can't access my computer? please tell me how should i fix it? the google guys will kill me because i put their servers on fire
A week ago I opened this thread viewtopic.php?f=17&t=61580 in "Board index ‹ Help ‹ Installation" and asked for a moderator to move this to here. Because it hasnt happened up to know, I am reopening the thread here. It would be reeeeally great if somebody could help me with my problem!
I own two computers, one netbook and one laptop. I want to boot my netbook as a diskless client via PXE.I set up a dhcp-, tftp and nfs-server on my laptop but when i boot my netbook, the follwoing messages are displayed:(to make it more clear, i uploaded the whole output and shortened the output below)
[Code]...
I have an encrypted disk, using LUKS / dm-crypt, on Fedora 14.Every time I boot, I am immediately prompted for the passphrase. This happens VERY early in the boot process, and is a graphical screen (ie not console text). If I hit escape, I am prompted in a text-mode for the same passphrase. If I hit escape or return a few times, boot continues normally.
I only mount the disk occasionally, and don't want to be prompted at boot for the passphrase to luksOpen the disk at boot. I manually cryptsetup luksOpen and then mount it when I want access. I just don't want to be asked at boot, and don't want to unlock it until I do so manually.Does anyone how how I can tell Fedora to not attempt to decrypt / mount this filesystem at boot?It's not in /etc/fstab. I should mention, no LVM, just mdadm raid5 on the partition + luks /dm-crypt.
How can I make Debian encrypt and decrypt my home folder when I log in/out like Ubuntu does?
View 1 Replies View RelatedOther than my encrypted home directory, I am all set to switch from ubuntu to Debian.Is it sufficient to install ecryptfs-utils or do I need to setup a script or something similar for it to automatically decrypt my home directory on login?
View 4 Replies View RelatedI recently started installing Debian and I want to download and install a GUI in it. For that I could use my university Wi-Fi connection. I was told that it's a WPA2 secured connection. But when I tried to configure it, it keeps asking me for a "passphrase". I don't have a passphrase! All I have is my username and password for the Wi-Fi. What should I enter as my passphrase ? I tried both username and password and neither of them worked.
View 4 Replies View RelatedI have just installed Ubuntu (/dev/sda7) and Debian (/dev/sda4), but since I have updated all informations on Ubuntu, then Debian did not appear anymore on the grub list. There is an wiki I have found, but I an not really sure about what to do.
Here are the boot informations:
Boot Info Script 0.55 dated February 15th, 2010
Boot Info Summary:
=> Grub 2 is installed in the MBR of /dev/sda and looks at sector 488861020
of the same hard drive for core.img, core.img is at this location on
/dev/sda and looks on partition #3 for (,gpt3)/grub.
[Code]...
ps: on this file, it says that the /boot is installed on the MBR and /dev/sda3. I will remove the boot from MBR as I am now using /dev/sda3 instead. Sorry for my english
I've just upgraded from 9.10 on a system that has an encrypted root partition encrypted using the following guide:
[URL]
On boot, prior to the LUKS password prompt, I see the error:
Code:
cannot open file /etc/console-setup/boottime.kmap.gz
The consequence is that the keyboard does not respond, the password cannot be entered, and the root partition cannot be unlocked.
This behavior occurs on all 2.6.32.x kernels but falling back to my previous kernel, 2.6.31.9-rt works just fine.
This is on a production system and is not running in a virtual machine, so the issue is not:
[URL]
I have tried running sudo dpkg-reconfigure console-setup, which does regenerate the initram-fs for the desire kernel, but it does not solve the problem.
The guide's initram hook includes the lines:
Code:
mkdir -p ${DESTDIR}/etc/console-setup
cp /etc/console-setup/boottime.kmap.gz ${DESTDIR}/etc/console
... but my understanding of the initram stages of the boot process are hazy and I am unclear what the intent is behind the lines.
I just installed ecryptfs (debian Lenny). However, when I try to run it (as normal user), I get the following
$ ecryptfs-setup-private Enter your login passphrase: And it wont accept any password (naturally since this is the first time I'm running it).
I just installed debian-6.0.1a-i386-netinst yesterday on my Dell Dimension 4100. I have a serial keyboard and mouse, which both worked fine during the install and the keyboard allowed me to enter the correct passphrase. After I enter the passphrase the PC continues to boot up, and it gets to a black screen with small fuzzy/distorted "DELL" logo's on the top part of the screen going from left to right.
What is wrong with my PC? What can I do to troubleshoot this?
I really would like to get debian up and running on this desktop
Without going into a lot of the reasons, I have a bootable program on a USB stick that i would like to 'boot' when debian is starting up (or after it completes, or whenever it makes sense to do it). My MB does not support a USB boot, I've removed the floppy and CD so I can add additional HDs (its a small box but well ventilated).
Another option I have is to use my bios 'network boot' option, but I have no clue how to use it and the only description in the mb manual says "Allows system to be booted over a network" In network boots, *usually* one is given an option of specifying a device address, and the network boot executes a boot protocol (e.g. bootp), and the boot image file is downloaded to the target, stored and run out of RAM. No evidence of this behavior is exhibited when the network boot option is selected in the bios...
I had encrypted a partition in Debian6 KDE4 using LUKS. Using the partition as a backup storage so do NOT want to automount it, therefore I have not added the encrypted partition (/dev/sda5) into /etc/crypttab or /etc/fstab. However, when booted into Debian, the partition is not shown in dolphin. How can I mount it manually when I need to use it?
View 1 Replies View RelatedWhen I upgraded from FC11 to FC12 of the encrypted raid partitions started to request password on boot (in FC11 not having references to encrypted md1 in fstab and crypttab, was enough for FC11 not to ask for passwords on boot) despite the fact that I removed /etc/crypttab and there is nothing in /etc/fstab relating to encrypted md1 (raid array). I want my machine to boot w/o asking me passwords for encrypted devices, and I will open and mount them myself manually after boot.
View 11 Replies View RelatedI'm trying to have a LUKS encrypted partition mounted at startup and to have GDM ask for my key so it will decrypt. Now I followed [URL] to the letter. Except for now, I have it just mounted into /mnt/cryptohome so I'm not messing with my system. My problem is the one everyone mentions in the comments, ubuntu isn't asking for the LUKS key in the X display, it's asking in the first terminal (Ctrl-Alt-F1). This will not do. I need it to ask to mount my drive before I'm even asked to login, so eventually I can encrypt my /home.
View 9 Replies View RelatedI'm having a problem auto-mounting a new luks partition. I have crypttab and fstab entries. I already have my primary encrypted partition (root) mounting at boot (from the install), but after creating this one manually, it does not open on boot. It auto-mounts when I run the following command manually after boot: sudo luksOpen /dev/disk/by-uuid/<uuid> mycrypt
/etc/crypttab entry:
personalcrypt /dev/disk/by-uuid/a1af5b7b-db58-4690-b586-b74407795e2c none luks
/etc/fstab entry:
[code]...
It seems I've run into a bit of a problem. I recently upgraded to the latest kernel 2.6.32-24-generic (x86) but when I reboot into the new kernel and type in my password the system hangs, same when using a keyfile on the root file system.to give an outline of how the disks are setup.3 hard drives
sda1 / = unencrypted
sdb1 /home = encrypted w/ luks
sdc1 /backup = encrypted w/ luks
When i boot to the original kernel 2.6.32-21 I'm able to successfully get into the system.
I need to resize (increase) LUKS partition. I have found a lot of manuals, but they are just for LVM volumes(I dont use LVM and I dont plan to use it). I have HDD splited to the 4 parts:
sda1(/)
sda2(LUKS)
unalocated
swap
I want to increase LUKS partition, by using the part of unalocated space.
BUT I dont want to do the following:
Backup data from LUKS partition
Delete LUKS partition
Create new bigger LUKS partition
Restore data to the LUKS partition
