I keep my /boot partition on a usb stick, where i keep the keyfile as well. I already generated the keyfile and added it to the LUKS LVM partition.Right now, on bootup I get a nice GUI to enter my 40 character password which is nice but a little tedious What do i need to modify for the system to automatically unlock the partition with the keyfile that is stored on the /boot partition
View 4 RepliesRecently set up root encryption with a couple of LVM volumes inside one LUKS volume, and I am just a little confused as to how I would go about getting it to automatically unlock using a keyfile stored on a USB flash drive, I presume I would have to put the drive in the fstab inside my initramfs (if there is one), and add a hook for USB device support.
But I digress, essentially, I want to know what I have to do to enable my LUKS volume (containing all of my partitions sans /boot) to unlock using a keyfile stored on a USB flash drive, rather than a manually entered passphrase.
I have a Truecrypt-encrypted Windows [system] partition, that I want to be opened and mounted automatically (using a keyfile) when I log into Debian, since it is also encrypted and I don't want to type two passphrases. It think this could be done with LUKS. With TC I probably have to go with the CLI, but haven't figured it out yet. And I can't add a keyfile to the volume using the GUI. In order to mount the volume I have to tick the Mount partition using system encryption (preboot authentication) checkbox, or otherwise I get Incorrect password or no TrueCrypt volume found. And same when I try to add a keyfile.
View 2 Replies View RelatedAnyone had any experience with unlocking a LUKS encrypted root partition via ssh? It is ok to leave /boot unencrypted.
There are a few pages from google with the debians variants, archived by putting dropbear into initrd.
I like to do that with my fedora/centos remote servers, but struggle to find any resources specific to it. Anyone has any suggestions and thoughts as to what might be a suitable way forward?
I can't seem to get an encrypted partition to recognize a keyfile. It is a backup partition that I would like to keep unmounted until a cron-script runs once a week to backup my sensitive data. In order for the script to run without my assistance, I thought I'd use a keyfile to authorize the mount.
So far I've created a keyfile and have added it to the partition using "luksKeyAdd". It didn't really say it was successful, but when I do a luksdump, it shows that another key slot has been enabled, so I believe it worked. After that I created a /etc/crypttab file with the following:
Code:
backup_sdd1 /dev/sdd1 /root/backup luks
/dev/sdd1 being the backup partition, and /root/backup being the keyfile
After rebooting, I am still prompted for a password when trying to mount the encrypted partition (sdd1), and there is no device "/dev/mapper/backup_sdd1" created like I believe there should be. I haven't added any entries to fstab, as I don't want this partition to mount at boot.
I have two questions regarding auto mount function of Truecrypt. First question:
I want to automatically mount my flash drive encrypted by Truecrypt using a keyfile whenever I plug the drive. How can I do this? I use Ubuntu 10.10.
Second question:
As I do not know the answer of my first question, I currently use following command in a startup script to mount my encrypted flash drive automatically at every system start-up.
Quote:
/usr/bin/truecrypt -k ~/keyfile --auto-mount=favorites
My problem with this method is, Truecrypt always search for the drive in the same path saved in favorite drives list, e.g. /dev/sdb1. However sometimes there are more than one flash drive plugged to my computer and my encrypted drive's path changes. In such cases Truecrypt cannot mount my encrypted drive because it cannot find the drive in its path.
As a workaround I tried "auto-mount=devices" parameter. It is slow because it checks every mounted drive, and some of them external hard disk big in size. Moreover it does not recognize any mount point parameter. I'd like to mount the drive to the same mount point every time.
Quote:
/usr/bin/truecrypt -t --auto-mount=devices -p "" -k ~/keyfile /media/MyMountPoint
The command above mounts the drive however it is slow and to the destination of "/media/treucrypt1".
Can't start Ubuntu, stops after first password. I can access files on my encrypted partitions with LiveCD but I wonder if I can install Ubuntu and still have access to the encrypted drives as I can with LiveCD?
View 1 Replies View RelatedAfter my cloning problems this morning were resolved, I have been able to complete conversion of the clone to run from an encrypted root partition. However, I have been unable to enable selinux when running from the encrypted root. /etc/selinux/config contains the settings that work on my unencrypted system
SELINUX=enforcing
SELINUXTYPE=targeted
and it is not disabled from the grub bootline, but the encrypted system always comes up with selinux disabled. Attempting to enable it with the command setenforce 1 fails, and to add insult to injury, the selinux administration-gui shows that it is enabled and enforcing. The cloned, now encrypted, system was cloned via rsync -aHXv, so the selinux contexts/attributes have been maintained as near as I can tell. I did have to disable selinux while performing the rsync of the /selinux directory in order to get it to copy and I am wondering if there was still some issue with this method.
I know some of you are running from encrypted root fs's and was wondering: Do you have selinux enabled and is it functioning properly? Any suggestions as to how I might jumpstart it or force it to run? Maybe I should boot into the system and uninstalling/reinstalling selinux?
I like to do a minimal install, and then run some of my own scripts to install the rest of the packages I need, so to keep a lean system. When installing F14 with a partitioning scheme as follows:
Code:
/boot - 500MB
LVM
- swap - 2048 MB
- / - 15GB
- /home - Rest of file system - Encrypted
Everything works fine and the encryption works with no problem. However, as a friend pointed out to me, if you partition as follows:
Code:
/boot - 100MB/ - Rest of filesystem - Encrypted You are not able to boot the system when doing a minimal install. Meaning: you get up to the point to where you need to enter your password to decrypt the filesystem, and then nothing but..., well, nothing. However, and here it gets interesting, if you use the same partition layout, and you install the "Graphical Desktop", everything works fine. As I can not understand why this happens, I am currently testing a partition setup like so:
Code:
/boot - 100MB
LVM - Encrypted
- / - Rest of filesystem
Just to see if that works.
Anyhow: to make a long story short: It seems that the minimal install "forgets" to add some packages which are needed to decrypt the filesystem. Does anyone know which package this could be or why this occurs, so it can be added as part of the minimal install?
Been using fedora for a few years now, got a boot error this morning I just have no idea were to start looking. Got a luks encrypted root, getting the following after entering pass-phrase:
...
Starting Stdio Syslog Bridge.
Starting /dev/cgroup failed, see 'systemctl status dev-cgroup.mount' for details.
[code]....
I have been using fedora 12 for last 6 months, recently I bought an external USB hard drive of 320 GB capacity. I made 2 partitions using the Disk Utility in Fedora. I encrypted the first partition as it was supposed to hold a lot of sensitive data, and yes it did have. Now I had to change my OS to AV linux for some audio-video editing work which wasnt being done properly on fedora due to some issue beyond my knowledge. now the problem is my encrypted partition is not accessible in my new installation. I see an empty space on my /dev/sda1. although no change to partition data has been done and the data on the second partition /dev/sda2 is easily accessible. when putting the drive on automount, is does not ask me for the password and neither does it show me the data. I have tried fdisk and sme other utilities but have failed to get my drive unencrypted.
View 7 Replies View RelatedI used Ubuntu for years now, but since the latest decisions got public I deceided to try something new: Fedora. I installed the system as a dualboot,Ubuntu and my old data. Because Fedora got installed inbetween of two partitions,ad to do the partitioning manually. I just made one partition /dev/sda4. During the installation process I got asked about the password for my /dev/sda1 partition. Of course, I entered it. So far so good.Now, everytime when I boot, the boot process stops and asks me for the password of the /dev/sda1 partition. However, the boot process does not go on, unless i press STRG+C.After the log in, I can also not access my data, by entering the password (GUI).The only way I can acces the data on that partition is:
Code:
su -
cryptsetup luksOpen /dev/DEVICENAME luks-fedora
[code]...
Somehow my file encryption password changed so when I went to re-install Fedora it said SDA-2 will not be available during installation.Is there a way to erase the whole disk including the ecrypted portion?
View 2 Replies View RelatedCan I resize an encrypted partition with gparted?
View 2 Replies View RelatedI encrypted my /home partition in my last installation F13. For some reason, I have to reinstall F13. After I login, I can not access /home. I followed some instructions like
modprobe dm-crypt
modprobe dm-mod
cryptsetup luksOpen /dev/vg_vit/lv_home vg_vit-lv_home
[code]...
I need to access /etc/modprobe.d on an encrypted LVM LUKS partition. I m not sure how to go about it though. Mount usually handles my mounting needs, do I need to decrypt the physical volume first? LIst of commands need would make my day.
View 1 Replies View RelatedI have encrypted a partition while installing Fedora 13, and I need to disable its automount - I will mount those manually.
But even though I commented out the corresponding line in /etc/fstab, I am still asked for the passphrase for the partition at startup.
How to completely disable this behaviour - and how to mount the partition manually afterwards?
I just picked up a 1.5TB external drive. I want to wipe the NTFS partition (I assume that's what it is) that is there and replace it with an encrypted ext4 partition.
Is there a HOW-TO somewhere for this?
couldn't find anything similar on the forum.I am writing a kickstart for fedora 14 with a partition table similar to:
part / --asprimary --fstype="ext4" --size=10000 --encrypted --passphrase=pass1
part /boot --asprimary --fstype="ext4" --size=130
part /var --fstype="ext4" --size=5000 --encrypted --passphrase=pass1
[code]...
I just did a yum upgrade from F13 to F14 to F15. According to /var/log/messages NetworkManager crashes trying to parse a VPN keyfile:
Code:
NetworkManager[2519]: ifcfg-rh: parsing /etc/sysconfig/network-scripts/ifcfg-eth0 ...
NetworkManager[2519]: ifcfg-rh: read connection 'System eth0'
NetworkManager[2519]: keyfile: parsing VPN Connection UDP ...
NetworkManager[2519]: <warn> caught signal 11. Generating backtrace ...
I'd like to remove this VPN config in hopes that NM can init and run, but I cannot figure out where this configuration is stored.
I need a FREE solution that can image an entire Luks system encrypted volume and the rest of the used HDD, the MBR and /boot partition. Note: MBR and /boot are not encrypted. Note 2: I want to be able to restore entire drive from image with only a couple of steps. Note 3: Destination HDD space is a factor. Image file must be compressed and the image file must be around 40 to 50 GB or less. The smaller the image the better.
I have used clonezilla live cd before but not for encrypted volumes. I know you can install it in Linux. But, I don't know how to configure it after installation. I would be very happy if someone could tell me how to configure clonezilla in Fedora. How to guides are also welcome. I have one more question. If I image the encrypted volumes and all the stuff I mentioned above while logged in to Fedora, and I restore the drive from the image, will the recovered drive still be encrypted?
I try to encrypt root file system on Opensuse 11.1 and I have found up to two possibilities.
1. [url]
2. [url]
In the first case, i have a Problem with entering password, for each partition on encrypted disk, i must enter my password.(For 3 partition 3 times)
And in the second version to get i nowhere.
Code:
I am trying to get Slackware 12.2 running on a system with two identical harddiscs using RAID-1, LVM and LUKS.
Here is what I get:
Code:
The system is still the same, however, the results of upgrading or installing 12.2 are different. The system refuses to boot. The screen messages during boot seem to suggest, that the RAID system is "seen" by the system, but the encrypted filesystem is not.
I can boot with the installation DVD, however, and
Code:
when i have installed fedora 14 from the live CD....i noticed fedora give 4.9 GB SWAP partion:mad and give the root another 4.9 GB.... every time i monitor the swap is free cuz my RAM is 3 GB.... I want resize my root and take the space from the SWAP and give the SWAP only 1 GB... im worried that i miss up with system.... any clean graphical interface recommend me...? or any clean way to resize..?
View 1 Replies View RelatedOpenSuSE 11.1 is by far the best SuSE version in a long time. It's generally up to competition or ahead of it. It's admirable, how thoughtful this system is set up, and how clean and fast it is compared to its predecessors. It ssems, that SuSE is fighting its way back to where they came from before the Novell "merger."
Having said that, it is even harder to understand, IMHO, why the installer doesn't support encrypted root partitions. Of course, there is a manual solution:
http://en.opensuse.org/Encrypted_Roo...ith_SUSE_HOWTO
However, this HOW-TO doesn't explain how to combine LUKS encryption with LVM on a RAID-1 system, as described for Slackware 12.2 here:
[url]
[url]
Is there a similar guide anywhere available for OpenSuSE 11.1?
If not: Would it be possible to do all the low-level setup work, like partitioning, setting up the logical volumes and encrypting everything, with Slackware, following the document above, and then install OpenSuSE 11.1 on that system? Would that work?
I got 2 HDDs, I had created LVM by two of them. When I was trying to install quota it was saying it is better if you run fsck first message. When I tried to run fsck. It warned me that I could lose some of my data. So it happened. Actually it is worse: I can't boot my Fedora 11. When I try to run installer in rescue mode, it says no linux partition find. When I try to install (just to see partitions) it shows LVM volumes of hdds are ok but the partition which is / (root)partition seems in unknown format. How can I save my datas? Or can i restore my partitions, LVM?
View 11 Replies View RelatedWhen I click on my Vista partition under "Places" in the Fedora menus, I'm asked to enter the root password for mounting the partition. Is there a way to allow any user to mount this particular partition, to avoid the unnecessary input? The partition is not listed in /etc/fstab (fedora 12 for x86_64).
View 5 Replies View RelatedRecently I tried to install Fedora 12 x86_64 to my laptop. I ran the live fedora image from my cooldisk and then pressed "Install to Hard Drive" from live desktop. Then I went forward until I reached the partitioning section. Though I had ~28GB free space in my Harddrive, but it says: "Could not allocate requested partitions: not enough free space on disks." You can see my steps until reaching this problem in these 3
pics:
step1:
step2:
step3:
I captured these steps by using Fedora 12 Live printscreen tool. I tried to install Fedora12 from its non-bootable DVD too, but no difference! So there's only 2 situations:
1. I did something wrong -> install Fedora and use its partitioning tool.
2. There's a bug in Fedora -> confirm that this is a bug and say me an alternative way to install fedora.
I have a usb flash drive and according to sources I found out after the fact that I should have used ext2 instead of ext4 due to the extra write operations.
Is it possible to convert the ext4 root partition to ext2 or do I need to backup, reformat, and restore?
I joined the fedora irc channel and asked how to delete a partition. We actually decided that we could not delete the partition I wanted to delete because it was a root partition. After unmounting the partition, and one other partition with a really long directory name, all of my applications disappeared. I need a safe surefire way to resize a root partition. I don't want to unmount anything because we don't know if we'll be able to mount it again.
View 3 Replies View Related