General :: Use A Keyfile On A Removable USB Drive For Encrypted Root In Debian?
Jun 6, 2010
Recently set up root encryption with a couple of LVM volumes inside one LUKS volume, and I am just a little confused as to how I would go about getting it to automatically unlock using a keyfile stored on a USB flash drive. I presume I would have to put the drive in the fstab inside my initramfs (if there is one), and add a hook for USB device support.
But I digress, essentially, I want to know what I have to do to enable my LUKS volume (containing all of my partitions sans /boot) to unlock using a keyfile stored on a USB flash drive, rather than a manually entered passphrase.
Jul 13, 2010
I keep my /boot partition on a USB stick, where I keep the keyfile as well. I already generated the keyfile and added it to the LUKS LVM partition. Right now, on bootup I get a nice GUI to enter my 40 character password, which is nice but a little tedious. What do I need to modify for the system to automatically unlock the partition with the keyfile that is stored on the /boot partition?
Oct 18, 2010
I can't seem to get an encrypted partition to recognize a keyfile. It is a backup partition that I would like to keep unmounted until a cron-script runs once a week to backup my sensitive data. In order for the script to run without my assistance, I thought I'd use a keyfile to authorize the mount.
So far I've created a keyfile and have added it to the partition using "luksKeyAdd". It didn't really say it was successful, but when I do a luksdump, it shows that another key slot has been enabled, so I believe it worked. After that I created a /etc/crypttab file with the following:
Code:
backup_sdd1 /dev/sdd1 /root/backup luks
/dev/sdd1 being the backup partition, and /root/backup being the keyfile
After rebooting, I am still prompted for a password when trying to mount the encrypted partition (sdd1), and there is no device "/dev/mapper/backup_sdd1" created like I believe there should be. I haven't added any entries to fstab, as I don't want this partition to mount at boot.
Dec 15, 2010
I have two questions regarding auto mount function of Truecrypt. First question:
I want to automatically mount my flash drive encrypted by Truecrypt using a keyfile whenever I plug in the drive. How can I do this? I use Ubuntu 10.10.
Second question:
As I do not know the answer to my first question, I currently use the following command in a startup script to mount my encrypted flash drive automatically at every system start-up.
Quote:
/usr/bin/truecrypt -k ~/keyfile --auto-mount=favorites
My problem with this method is that Truecrypt always searches for the drive at the same path saved in the favorite drives list, e.g. /dev/sdb1. However, sometimes there is more than one flash drive plugged into my computer and my encrypted drive's path changes. In such cases Truecrypt cannot mount my encrypted drive because it cannot find the drive at its path.
As a workaround I tried the "auto-mount=devices" parameter. It is slow because it checks every mounted drive, and some of them are large external hard disks. Moreover, it does not recognize any mount point parameter. I'd like to mount the drive to the same mount point every time.
Quote:
/usr/bin/truecrypt -t --auto-mount=devices -p "" -k ~/keyfile /media/MyMountPoint
The command above mounts the drive; however, it is slow and mounts to the destination "/media/treucrypt1".
Nov 18, 2010
I have a Truecrypt-encrypted Windows [system] partition that I want to be opened and mounted automatically (using a keyfile) when I log into Debian, since it is also encrypted and I don't want to type two passphrases. I think this could be done with LUKS. With TC I probably have to go with the CLI, but haven't figured it out yet. And I can't add a keyfile to the volume using the GUI. In order to mount the volume I have to tick the "Mount partition using system encryption (preboot authentication)" checkbox, or otherwise I get "Incorrect password or no TrueCrypt volume found". And the same happens when I try to add a keyfile.
Sep 13, 2010
ok I am using Debian 4 bigmem and I set up static ip for my box. This is for a class and we will be moving the hard drives around the lab to different computers. My question is what do I configure to get Debian to be ok with my using different nics at different times.
My first time I used it, I had eth0, but now I'm on a different computer (same type of hardware on all systems) but my nic is now eth1... And I had to set up static again for that nic. How can I have it just maintain a static ip for whatever nic/mac address on the computer that my hard drive happens to be put on?
Mar 16, 2011
I have 2 USB drives connected to an XP machine that I rotate twice a month for backups. On my CentOS box, I have that drive mounted at /home/backup using cifs.
Because the drive is mounted on the Linux box, Windows XP complains when I try to "Safely Remove Hardware". As a result, I have to "umount /home/backup", then "Safely Remove Hardware". After connecting the new drive, I then have to "mount /home/backup" in order to use it again on the Linux box.
Now, this question may be a Windows XP question, but I was wondering if there is anything I can do on the Linux box first. Is there anything that can be done on either end, so that I won't have to "umount /home/backup" first?
Oct 19, 2010
I have an internal disk with Linux installed and a removable drive bay for swapping out my windows disks. I'd like to get grub to map one option to the bay and be able to boot whatever disk is in there.
Right now it's mapped by id "/dev/disk/by-id/ata-ST3250310AS_6RY00KB61" but I noticed there is a by-path option. I am not sure how to use it and the documentation isn't very detailed. Is by-path a good way to do this or is there some other way to get this to work?
Jan 7, 2011
My laptop, which I run Ubuntu on, is getting a bit old and I find it's getting slower and slower at running applications. My desktop computer is stronger, but I can't give up on the portability of my laptop. I was thinking of installing a HD drawer for both my laptop and desktop, and when I come home just pull the HD from the laptop and plug it into the desktop.
Jun 1, 2013
I'm a long time user of Debian, but I'm having trouble with my partitioning process. Here is where I currently stand:
I am installing the latest Wheezy build. I am trying to install debian with an encrypted LVM that spans two hard disks.
My partitioning layout is as:
1. /home
2. /root
3. swap
4. /boot
I then added partitions 1, 2 and 3 to a physical volume group. I then took that physical volume group and added it to a logical volume. Then I encrypted the logical volume, leaving the /boot partition untouched. I was under the assumption that the only partition the system needed free to reach the loading of the LVM is the /boot partition, as it holds the files necessary for booting. But when I attempt to finalize the disk, it gives an error stating, "No root file system detected". That would be an issue as it is currently sitting inside the encrypted LV. Am I wrong in including the root partition in the encrypted LV?
What is the best way of having as little of my file system non-encrypted as possible while still allowing a proper boot?
Oct 26, 2010
I've installed Squeeze on a USB stick, but can't get it to boot. I've had this problem before and gave up last time. I installed on an encrypted LVM - here is the grub.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by /usr/sbin/grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
[Code]...
I added rootdelay=10 and switched root from hd1,1 to hd0,0 as suggested elsewhere. Still no go, I just get dumped into the ramfs shell with an error message saying that /dev/mapper/crunchbang-root doesn't exist.
Jun 25, 2010
My laptop has only Debian on it. Except for /boot, the entire hard drive is a giant encrypted LVM partition. It takes Clonezilla 13 hours to back up to a USB hard drive without verification, long enough to make sure backups aren't done much. Is there some way to make an encrypted bare-metal backup of only what is used (except swap) instead of every sector? Backing up across the LAN would be ok.
Apr 30, 2016
I installed Debian 8 Jessie with full disk encryption and chose to have everything on the same partition. After install, I notice that my 8GB laptop has a 16GB swap. Is there a way to reduce the swap to 8GB (or maybe 4) whilst not affecting the encryption?
I have a 1TB HDD so space is not an issue but I dislike such waste. The setup used LVM.
Dec 30, 2015
I want to move my old system to a new drive. Currently I have Debian installed with following configuration:
I have an encrypted system where everything is encrypted except /boot. Currently I've /boot and / installed on a 16 GB mSATA SSD and /home on a regular HDD. I've got a 500GB SSD for Christmas and want to move the whole system to the new SSD.
I just wanted to ask if I've got the process required to do this down:
1. backup root-directory (/) without /boot and /home using tar keeping file-permissions and owners to ext. hard drive
2. backup /boot and /home separately using the same method
2. replace HDD with SSD, remove mSATA SSD.
3. boot via live-usb
4. create appropriate volume groups, partitions, setup encryption etc.
5. extract backups to appropriate partitions
6. chroot to old /.
7. edit fstab
8. reinstall grub
9. create new init ram img.
I'm pretty sure I've got steps 1.-6. down but I'm very shaky on what to do next.
Jul 6, 2015
I have installed Debian Jessie on my laptop. I created an LVM volume with /, /home, etc. and a /boot partition outside. Then I moved this partition to the LVM volume and booted from it; everything is okay and it works.
The problem is that when it boots it asks me for the passphrase to load grub, and then, when grub loads the kernel, it asks me for the passphrase again.
I read that I can pass a key file to the initramfs to solve this, but where I saw it, he uses mkinitcpio, and I can't find this package in the Debian repos; it's an Arch package. I also tried this option [URL] ...
But it asks me for the passphrase 3 times, and the third fails. The system starts, but I read the failure in the log.
May 26, 2010
I am using PolicyKit to restrict removable mounting to prompt for the root password, but on 11.2 I am unable to do so. I read that ver 11.2 is no longer using hal and policykit, but rather something like freedesktop.org policy.
May 17, 2009
I used to have all my mp3s, photos, etc. on a Seagate "Freeagent" removable USB drive and share it over a Windows network. We've gone all Linux in the house and I tried to export the same drive over NFS (got the NTFS support installed, ntfs-3g) but get this error:
Code:
Starting NFS services: exportfs: Warning: /media/FreeAgent Drive does not support NFS export.
Oct 12, 2010
I recently downloaded Ubuntu 10.10 and installed it onto a 250gb removable disk using a 240gb ext4 partition and a 10gb swap space.
I am using a Sony VAIO (VPCF115FM) and it would appear that my BIOS is very limited as to bootup options. I can only choose internal HDD/external device/network/CD Drive. I cannot check whether or not my BIOS is able to recognize the external ext4 (but from experiences so far it would seem that it cannot)
After much tinkering I got my internal Windows 7 to recognize the drive as ext3 (used ext2 volume manager to add a registry entry for the drive). However, I need to unplug and replug the drive for it to be recognized; if I leave it plugged in from booting it shows up as unrecognized.
Summary: I would like to be able to boot up Ubuntu off this external drive, but as of now it would appear that my BIOS is unable to recognize the drive. Windows can recognize it as ext3, and I can access the contents of the Ubuntu partition from Windows.
how I could get this working that would be fantastic. I've tried formatting the drive to other filesystems (ext3, ext2, XFS) but none of them would work either, so any information would be sweet.
Nov 7, 2010
I'm guessing that when one purchases music that the file first goes to 'cloud storage' and then to sync with Rhythmbox? I would like to see that as an option. I personally would rather the file(s) be downloaded straight to my laptop. B'cause once I get my server up and running I would have the local storage space of my own to grab the files from, and redundancy with backed up partitions if some files would get messed up. I enjoy using Ubuntu OS. I don't use Windows anymore, or OS-X, so using iTunes isn't an option for me.
I wait for the day that I can trade up from this iPhone to an Android. I like the way that a PC would see an Android phone as a removable drive instead of syncing. I just prefer to drag/drop or copy/paste music files, rather than syncing.
Jul 8, 2011
I have a Samsung removable hard drive, which has 3 fat32 partitions on it. When I plug it into the USB, nothing happens and I just see that sdc was added in /dev/... So, there's nothing wrong with the drive, because I can use it on Windows and Ubuntu.
Apr 30, 2010
After upgrading to 10.04 today, booting halts with the drive unavailable for mounting S to skip bla bla message. The drive in question is an Ipod, and didn't see it in fstab or mtab.
Jan 27, 2016
I think my root drive is 100% full causing strange problems with my video server. What steps can I use to see what's taking up the room on the drive and perhaps identify files that can safely be deleted?
Code:
root@lenny:/# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda2 55G 53G 0 100% /
udev 10M 0 10M 0% /dev
tmpfs 793M 1.1M 792M 1% /run
[code]...
Oct 2, 2009
After my cloning problems this morning were resolved, I have been able to complete conversion of the clone to run from an encrypted root partition. However, I have been unable to enable selinux when running from the encrypted root. /etc/selinux/config contains the settings that work on my unencrypted system
SELINUX=enforcing
SELINUXTYPE=targeted
and it is not disabled from the grub bootline, but the encrypted system always comes up with selinux disabled. Attempting to enable it with the command setenforce 1 fails, and to add insult to injury, the selinux administration-gui shows that it is enabled and enforcing. The cloned, now encrypted, system was cloned via rsync -aHXv, so the selinux contexts/attributes have been maintained as near as I can tell. I did have to disable selinux while performing the rsync of the /selinux directory in order to get it to copy and I am wondering if there was still some issue with this method.
I know some of you are running from encrypted root fs's and was wondering: Do you have selinux enabled and is it functioning properly? Any suggestions as to how I might jumpstart it or force it to run? Maybe I should boot into the system and uninstall/reinstall selinux?
Oct 27, 2015
I use Debian 8.2 without a DE. I can mount removable devices (USB sticks, external HDDs) manually using mount/umount to specific folders under /mnt or /media. But I want them to mount automatically when plugged in as /media/disk-label. Also, I want to be able to safely remove already mounted devices without data loss. As I understand, I need to create a custom UDEV rule and associate it with mount/umount scripts. E.g. mount script:
Code:
#!/bin/sh
mount_point=$ID_FS_LABEL
if [ -z $mount_point ]; then
mount_point=${DEVNAME##*/}
fi
# retrieve gid of the plugdev group and set it as owner of mountpoint
plugdev_gid="$(grep plugdev /etc/group|cut -f3 -d:)"
if [ -z $plugdev_gid ]; then
[code]....
Is this safe and correct approach or it is better to use something else?
Jul 12, 2010
I am trying to encrypt the root file system on openSUSE 11.1 and I have found two possibilities.
1. [url]
2. [url]
In the first case, I have a problem with entering the password: for each partition on the encrypted disk, I must enter my password (for 3 partitions, 3 times).
And with the second version I get nowhere.
Code:
View 5 Replies
View Related
Dec 17, 2008
I am trying to get Slackware 12.2 running on a system with two identical harddiscs using RAID-1, LVM and LUKS.
Here is what I get:
Code:
The system is still the same, however, the results of upgrading or installing 12.2 are different. The system refuses to boot. The screen messages during boot seem to suggest, that the RAID system is "seen" by the system, but the encrypted filesystem is not.
I can boot with the installation DVD, however, and
Code:
View 14 Replies
View Related
Jul 20, 2015
I'm going traveling and I had the bright idea of putting my sensitive and irreplaceable files on an sd card. Then if I leave my stuff in a sketchy hostel for the day, I can easily take the card and might lose only a replaceable netbook. The problem is that I want some files to have 600 permissions (rw-------), readable and writable only by owner.
But no power on earth seems to be able to force a fuse-ified filesystem to pay attention. Whether I try "chmod 600 filename.txt" as the owner/user or as sudo makes no difference. Nothing works. The sd card is mounted with a line in /etc/fstab:
Code:
UUID=0000-0000 /mnt/64_GB_sdxc exfat auto,rw,user,exec,uid=1000,gid=1000,dmask=0022,flush,fmask=133 0 0
So the user owns the files and they have typical permissions instead of the automounted default of 700. That's all very nice, but I'd like to be able to change permissions on just a few files!
May 29, 2010
Quote:
Currently when I insert a removable device, it is auto-mounted as readonly. To use it I have to do this every time.
Code:
sudo umount /dev/xxx
pmount xxx
This applies to every removable device I have, and did not exist on my previous distro. Debian amd 64 Squeeze [URL]
Dec 2, 2010
I like to do a minimal install, and then run some of my own scripts to install the rest of the packages I need, so to keep a lean system. When installing F14 with a partitioning scheme as follows:
Code:
/boot - 500MB
LVM
- swap - 2048 MB
- / - 15GB
- /home - Rest of file system - Encrypted
Everything works fine and the encryption works with no problem. However, as a friend pointed out to me, if you partition as follows:
Code:
/boot - 100MB
/ - Rest of filesystem - Encrypted
You are not able to boot the system when doing a minimal install. Meaning: you get up to the point to where you need to enter your password to decrypt the filesystem, and then nothing but..., well, nothing. However, and here it gets interesting, if you use the same partition layout, and you install the "Graphical Desktop", everything works fine. As I can not understand why this happens, I am currently testing a partition setup like so:
Code:
/boot - 100MB
LVM - Encrypted
- / - Rest of filesystem
Just to see if that works.
Anyhow: to make a long story short: It seems that the minimal install "forgets" to add some packages which are needed to decrypt the filesystem. Does anyone know which package this could be or why this occurs, so it can be added as part of the minimal install?