Anyone had any experience with unlocking a LUKS encrypted root partition via ssh? It is ok to leave /boot unencrypted.
There are a few pages from google with the debians variants, archived by putting dropbear into initrd.
I like to do that with my fedora/centos remote servers, but struggle to find any resources specific to it. Anyone has any suggestions and thoughts as to what might be a suitable way forward?
I need a FREE solution that can image an entire Luks system encrypted volume and the rest of the used HDD, the MBR and /boot partition. Note: MBR and /boot are not encrypted. Note 2: I want to be able to restore entire drive from image with only a couple of steps. Note 3: Destination HDD space is a factor. Image file must be compressed and the image file must be around 40 to 50 GB or less. The smaller the image the better.
I have used clonezilla live cd before but not for encrypted volumes. I know you can install it in Linux. But, I don't know how to configure it after installation. I would be very happy if someone could tell me how to configure clonezilla in Fedora. How to guides are also welcome. I have one more question. If I image the encrypted volumes and all the stuff I mentioned above while logged in to Fedora, and I restore the drive from the image, will the recovered drive still be encrypted?
I'm trying to have a LUKS encrypted partition mounted at startup and to have GDM ask for my key so it will decrypt. Now I followed [URL] to the letter. Except for now, I have it just mounted into /mnt/cryptohome so I'm not messing with my system. My problem is the one everyone mentions in the comments, ubuntu isn't asking for the LUKS key in the X display, it's asking in the first terminal (Ctrl-Alt-F1). This will not do. I need it to ask to mount my drive before I'm even asked to login, so eventually I can encrypt my /home.
View 9 Replies View Relatedif encrypt my root partition with Luksformat on my laptop and the battery suddenly goes out without a proper shutdown, I stand a big chance on corrupting the luks header or key slot?
View 1 Replies View RelatedI run fedora 13 on my laptop (dual boot with Windows 7) and I just created a new partion to hold sensible data, encrypted with LUKS. I followed this tutorial for creating it.Now, everything went well and the new partition works well. But I needed something a little different from what the tutorial suggested, because I don't want the partition to be mounted on the system each time it boots, but I would (unlock and) mount it manually when I need it.
To do so I just didn't follow the Tutorial steps from 7 to 13, thinking that without the changes to crypttab and fstab the partition wouldn't be even touched by the start up process. And that's partially true: the partition isn't mapped nor mounted in the system when I boot, but the problem is that it however keeps asking for the passphrase to unlock it even if it doesn't get mounted or mapped.It just asks for it before the system loads all it's parts (udev, filesystems, etc) and I can't understand why, what it uses it for if it doesn't unlock it.So my question is: why does it ask for the passphrase to unlock luks if I haven't set crypttab and fstab to mount the partition on start up?
I need to access /etc/modprobe.d on an encrypted LVM LUKS partition. I m not sure how to go about it though. Mount usually handles my mounting needs, do I need to decrypt the physical volume first? LIst of commands need would make my day.
View 1 Replies View RelatedI have encrypted a partition while installing Fedora 13, and I need to disable its automount - I will mount those manually.
But even though I commented out the corresponding line in /etc/fstab, I am still asked for the passphrase for the partition at startup.
How to completely disable this behaviour - and how to mount the partition manually afterwards?
I am trying to get Slackware 12.2 running on a system with two identical harddiscs using RAID-1, LVM and LUKS.
Here is what I get:
Code:
The system is still the same, however, the results of upgrading or installing 12.2 are different. The system refuses to boot. The screen messages during boot seem to suggest, that the RAID system is "seen" by the system, but the encrypted filesystem is not.
I can boot with the installation DVD, however, and
Code:
OpenSuSE 11.1 is by far the best SuSE version in a long time. It's generally up to competition or ahead of it. It's admirable, how thoughtful this system is set up, and how clean and fast it is compared to its predecessors. It ssems, that SuSE is fighting its way back to where they came from before the Novell "merger."
Having said that, it is even harder to understand, IMHO, why the installer doesn't support encrypted root partitions. Of course, there is a manual solution:
http://en.opensuse.org/Encrypted_Roo...ith_SUSE_HOWTO
However, this HOW-TO doesn't explain how to combine LUKS encryption with LVM on a RAID-1 system, as described for Slackware 12.2 here:
[url]
[url]
Is there a similar guide anywhere available for OpenSuSE 11.1?
If not: Would it be possible to do all the low-level setup work, like partitioning, setting up the logical volumes and encrypting everything, with Slackware, following the document above, and then install OpenSuSE 11.1 on that system? Would that work?
I have a really tricky and may be intresting problem with a encrypted disk partition (cryptsetup luks...) which was fine until it accidentally got re-formatted by an instance of Windows 7. Most of the data on that 1TB-disk will probably still exist, only the LUKS header at the very beginning of the partition is - of course - gone.
So when I try to open the container, it gives no verbose, just the return value 234.
I scanned the whole partition for other LUKS headers with hexedit, none there. But, luckyly I have another partition which is encrypted in the exact same way with the exact same passphrase (which I remember very well!), so I had an idea: I copied the LUKS header (592 bytes) from the other LUKS encrypted partition over to the damaged partition.
When I now issue
Code:
Code:
No key available with this passphrase
Here is the command how I created the container:
Code:
How do I get the existing passphrase accepted by LUKS?
I'm just wondering - what is the best way to set up your encrypted volumes with dm_crypt and LUKS?
My understanding was that aes-lrw ws better than aes-cbc - and then I stumble upon [url] which says that LRW has some problems, and XTS is better? I dont know enough about encryption theory to be able to say anything, so i'm hoping some folks more enlightened will be able to say something here.
I was previously using aes-lrw-benbi to set up a volume. If xts is truly better - should i be using '-c aes-xts-benbi' then?
I have two basically identical harddrives that are encrypted with LUKS containing a complete debian installation:
Code: Select allroot@x200s:/home/b# lsblk --fs
NAME FSTYPE LABEL UUID MOUNTPOINT
sda
├─sda1 ext2 0b851969-281e-4db2-8a5b-3798e801711b /boot
├─sda2
└─sda5 crypto_LUKS cfcf63ef-448a-4f72-9f58-8f7731cf3dfc
└─sda5_crypt LVM2_member 21CS3f-SQeQ-XcMr-kyDs-OPtR-egmT-HkvJAu
[Code] ....
sda is what I currently run to write this text, sdb is my former harddrive, connected via USB.
I want to access the root partition on sdb.
The problem is:
Code: Select allcryptsetup luksOpen /dev/sdb5 oldhd
Enter passphrase for /dev/sdb5:
root@x200s:/home/b# ls /dev/mapper/
control oldhd sda5_crypt x200s--vg-root x200s--vg-swap_1
root@x200s:/home/b# mount /dev/mapper/oldhd /mnt/
[b]mount: unknown filesystem type 'LVM2_member'[/b]
[Code] ..
Before all this, both sda and sdb where in the same volume group. I renamed the volume group of sdb to "oldDisk"
using
Code: Select allvgrename <UUID> oldDisk
How I can access the data on the root filesystem of my sdb..
I need to move a LUKS encrypted partition to the end of a harddrive to expand another partition. Does anyone know how to do this?
Is it possible to do this with other partition editing programs?
Gparted doesnt support LUKS/LVM
I'm planning a fresh F13 install, with separate partitions for /boot, /home, /tmp, /, and swap. All but /boot will be logical volumes, and I'd like to encrypt all but boot. If I encrypt the underlying partitions, is there any reason to also encrypt the logical volumes themselves?
my system will be:
HP dv6-3040us Pavillion laptop
AMD Phenon II
4GB DDR3
I'm having a problem auto-mounting a new luks partition. I have crypttab and fstab entries. I already have my primary encrypted partition (root) mounting at boot (from the install), but after creating this one manually, it does not open on boot. It auto-mounts when I run the following command manually after boot: sudo luksOpen /dev/disk/by-uuid/<uuid> mycrypt
/etc/crypttab entry:
personalcrypt /dev/disk/by-uuid/a1af5b7b-db58-4690-b586-b74407795e2c none luks
/etc/fstab entry:
[code]...
I just installed the testing version of Debian with the option to setup encrypted home directories. I used a passphrase that I now want to change to something else. How do I do that?
View 4 Replies View RelatedI keep my /boot partition on a usb stick, where i keep the keyfile as well. I already generated the keyfile and added it to the LUKS LVM partition.Right now, on bootup I get a nice GUI to enter my 40 character password which is nice but a little tedious What do i need to modify for the system to automatically unlock the partition with the keyfile that is stored on the /boot partition
View 4 Replies View RelatedI like to do a minimal install, and then run some of my own scripts to install the rest of the packages I need, so to keep a lean system. When installing F14 with a partitioning scheme as follows:
Code:
/boot - 500MB
LVM
- swap - 2048 MB
- / - 15GB
- /home - Rest of file system - Encrypted
Everything works fine and the encryption works with no problem. However, as a friend pointed out to me, if you partition as follows:
Code:
/boot - 100MB/ - Rest of filesystem - Encrypted You are not able to boot the system when doing a minimal install. Meaning: you get up to the point to where you need to enter your password to decrypt the filesystem, and then nothing but..., well, nothing. However, and here it gets interesting, if you use the same partition layout, and you install the "Graphical Desktop", everything works fine. As I can not understand why this happens, I am currently testing a partition setup like so:
Code:
/boot - 100MB
LVM - Encrypted
- / - Rest of filesystem
Just to see if that works.
Anyhow: to make a long story short: It seems that the minimal install "forgets" to add some packages which are needed to decrypt the filesystem. Does anyone know which package this could be or why this occurs, so it can be added as part of the minimal install?
I have a LVM logical volume, that contains a LUKS encrypted volume, on which is an ext4 filesystem. I shrank the partition to the minimum size. Next step is to luksClose the device, and then to resize the LVM logical volume. I suspect that LUKS has overhead. So if the ext4 filesystem was resized from, say 1TB to 500G, I have the idea that resizing the LVM LV to 500G does not take LUKS overhead into account and this might corrupt data on the end of the FS. So, what's the smart move to take? How do I calculate the safe minimum LV size? Or should I just give the 500G disk a few gigabytes extra to be sure?
View 4 Replies View RelatedI installed 4 encrypted partitions (/, /var, /tmp, and swap) that are mounted at boot using the Alternate Installation Disc, and they all have the same password, but I have to type that password in 4 times when booting up. How do I make it so I only need to type in my password once?
View 1 Replies View RelatedSo I was testing to see what would happen if I tried to open a root shell in recovery mode, WITHOUT having first activated the root-user account (I only installed the system two days ago). I used my ordinary password and was expecting to see something like "Invalid password" or some such message. To my surprise, I got a root prompt. Thinking that this may just be how it works with recovery mode, I tried logging out of my X session and logging back in as root, thinking (or at least hoping) that it wouldn't work. But it did.
View 9 Replies View RelatedI have an external 300GB (Toshiba) disk which I encrypted (using cryptsetup luksFormat) and then installed an NTFS filesystem on (need to be able to use it in both Linux and Windows - using FreeOTFE). The disk mounts fine in windows and on my Fedora 10 system it automounts.
I can manually mount it on the RHEL5.3 system, and gnome-mount gets as far as recognising that it is encrypted and asking for the key, but it doesn't then mount it - I then have to manually mount the /dev/mapper/luks... device.
Does anyone know how to do this - if it works in Fedora 10 it ought to be possible to get it to work in EL5.3 I'd have thought.
I have a setup that looks like this
[Code]....
and I'm dumped into recovery mode. However, if I remove these mounts from /etc/fstab via comments, I can wait for the system to boot (which it does very quickly) then mount the mapper devices myself. So what is going on? Has something changed wrt logical volumes, or is this just systemd? I can live with manual mounting, but any advice on resolving the automatic mounting situation would be great.
[Code]....
Has anyone tried encrypting the boot partition to prevent the kernel from being modified. Iv tried following this but I'm running into issues when building. [URL] Im using the source from bzr checkout [URL] Last time I tried I screwed grub and it wouldnt boot.
View 9 Replies View RelatedCan't start Ubuntu, stops after first password. I can access files on my encrypted partitions with LiveCD but I wonder if I can install Ubuntu and still have access to the encrypted drives as I can with LiveCD?
View 1 Replies View RelatedWhile setting up my laptop on a new hard drive (a bad mobo caused writes which pretty much rendered teh old hdd unusable) I was asked if I wanted to encrypt my home partition.
I've been wanting this for several years - even going as far as trying to get a copy of CheckPoint. That's waht my organization uses on all Wintendo laptops and is required.
In any case, I said "yes" and am happily using my laptop with an encrypted home partition. I'm assuming based on this - [URL] - that it is using EncryptFS as the scheme.
if I were to misplace my laptop, how easy would it be for a forensics team to retrieve my data. Let's assume I have a fairly strong passphrase, such as BisZumBitterenEnd3. [URL]
I had some major problems after the recent Ubuntu upgrade and had to boot from a live cd. I have a separate /home partition, but it was encrypted using the default install encryption in the 9.10 install cd. How can I get to my files so I can back them up?
I have tried this but it did not work: http://ubuntuforums.org/showthread.php?t=1337693
I have to operating systems installed, Ubuntu 10.10 and Windows 7, working perfectly. I also have a partition, currently empty, to be shared between both OS, but I would like that partition to be encrypted.
View 2 Replies View RelatedHello everI'm really confused by the ways an encrypted partition get mounted.It just mounts the partition without asking for the passphrase used to create it. I can list the files in /mnt/sda2, create a new file test.txt, but have no access to the files written to the "real encrypted partition".Then I can see/change the content of the encrypted partition but without being able to see/change the file test.txt created previously with the normal mount command.
The reason I'm asking is that I'm having my custom Debian to automount every partition available on the system at boot time. Is there any way/command to tell if a particular partition is encrypted (by cryptsetup) or not? So that I can mount it the right way and not make the users confused (or even harm the encrypted data).
I have recently recovered from an HDD failure on my Drobo. One of the disks died and corrupted the entire array (which is not supposed to happen). I have since managed to copy the data off onto smaller disks and after replacing the failed drive, have copied everything back.
Now that im up and running again, i was wondering how this situation would play out on encrypted disks, or in the case of a drobo a large encrypted partition (as you cannot encrypt the entire array).
Would i still be able to recover the data if i were to encrypt it? It is a 4.2TB array, and i assume that I would need to copy the data in its entirety to recover it, so using multiple smaller disks would be out of the question right?