SUSE / Novell :: Encrypted Root With LUKS On LVM And RAID-1 ?
Apr 15, 2009
OpenSuSE 11.1 is by far the best SuSE version in a long time. It's generally up to competition or ahead of it. It's admirable, how thoughtful this system is set up, and how clean and fast it is compared to its predecessors. It ssems, that SuSE is fighting its way back to where they came from before the Novell "merger."
Having said that, it is even harder to understand, IMHO, why the installer doesn't support encrypted root partitions. Of course, there is a manual solution:
http://en.opensuse.org/Encrypted_Roo...ith_SUSE_HOWTO
However, this HOW-TO doesn't explain how to combine LUKS encryption with LVM on a RAID-1 system, as described for Slackware 12.2 here:
[url]
[url]
Is there a similar guide anywhere available for OpenSuSE 11.1?
If not: Would it be possible to do all the low-level setup work, like partitioning, setting up the logical volumes and encrypting everything, with Slackware, following the document above, and then install OpenSuSE 11.1 on that system? Would that work?
View 5 Replies
ADVERTISEMENT
Dec 17, 2008
I am trying to get Slackware 12.2 running on a system with two identical harddiscs using RAID-1, LVM and LUKS.
Here is what I get:
Code:
The system is still the same, however, the results of upgrading or installing 12.2 are different. The system refuses to boot. The screen messages during boot seem to suggest, that the RAID system is "seen" by the system, but the encrypted filesystem is not.
I can boot with the installation DVD, however, and
Code:
View 14 Replies
View Related
May 20, 2010
Anyone had any experience with unlocking a LUKS encrypted root partition via ssh? It is ok to leave /boot unencrypted.
There are a few pages from google with the debians variants, archived by putting dropbear into initrd.
I like to do that with my fedora/centos remote servers, but struggle to find any resources specific to it. Anyone has any suggestions and thoughts as to what might be a suitable way forward?
View 2 Replies
View Related
Feb 11, 2010
I just installed a clean install of suse 11.2. I then installed acct, using yast2.
Finally I did:
sudo /sbin/chkconfig psacct on
sudo /etc/init.d/psacct start
So far so good. The problem is that if I know do:sudo /usr/sbin/sa I only see root processes. None of the user processes seem to show up. If I run it with -m flag, I just see a total and a root row, no users show up at all. But I do have user accounts on the machine, and I am working in one of them (only root when necessary).why, or what to do about it? Is there something else that has to be configured? As I understand it, sa -m should show a summary for all users, not just for root. I want to be able to see how much time different users are using.
View 1 Replies
View Related
Nov 6, 2010
How can I allow root logins using kde gui 4.5.3 on opensuse 11.3 ? Currently the gui says "root logons are not allowed" Rpms installed see listing [1]
[1]
# rpm -qa | grep -i kde |sort
NetworkManager-kde4-0.9.svn1184295-5.2.x86_64
NetworkManager-kde4-libs-0.9.svn1184295-5.2.x86_64
NetworkManager-openvpn-kde4-0.9.svn1184295-5.2.x86_64
NetworkManager-pptp-kde4-0.9.svn1184295-5.2.x86_64
[Code].....
View 4 Replies
View Related
Jan 21, 2010
When accessing terminal; it keeps asking me for my root password....how do I find it? I don't remember it; all the passwords that I thought were the right ones did not work. When I typed password after root password, nothing showed as I typed.
View 7 Replies
View Related
Jan 21, 2010
I am a layman to suse Linux. I have installed suse linux 10.2, I forgot the root user name n password. I went through some of the existing threads regarding this issue but in no avail.I dono wat boot-loader I'm using there is no sign of any boot-loader (either grub nor llo).I tried ma hand in fail-safe mode also, it is also asking for login id. Is there any way to reset the same. As I have some imp file inside.
View 6 Replies
View Related
Jul 12, 2010
I try to encrypt root file system on Opensuse 11.1 and I have found up to two possibilities.
1. [url]
2. [url]
In the first case, i have a Problem with entering password, for each partition on encrypted disk, i must enter my password.(For 3 partition 3 times)
And in the second version to get i nowhere.
Code:
View 5 Replies
View Related
Jun 13, 2010
Accidently ran rm -rf while the pwd was /home/user-name
Now I'm unable to run any command whatsoever as root, ls,vi,cnf whatever, they don't work.
However the commands work as normal user.
I can guess that the files with root ownership in the home folder were deleted but I would like to revert everything back to normal and would like to know how to solve this problem.
View 5 Replies
View Related
Dec 23, 2008
I just installed opensuse 11.1 with only the standard user account, not root account. Therefore, my question is regarding this ... is safe running linux with no root account? Should I create a root account for adminstrative purposes? If so, how can I do that?
View 3 Replies
View Related
Jun 9, 2009
We have a server for which the root password had been lost, and there were no other user accounts set up. Yesterday evening I attempted to reset the root password by booting from the install CD and using VI to clear the root password in the passwd and shadow files. I then rebooted, and the system has halted with an 'FSCK failed. Please repair manually and reboot' error, with a prompt to 'Enter root password' below. But of course the root password isn't known (I had expected it to blank after editing the passwd and shadow files, but it doesn't work), so I have no way of logging on.
View 6 Replies
View Related
Oct 4, 2010
I recently tried a frugal/poor mans install of knoppix that I placed in a folder in the root partition of /home (hda7) in opensuse 11.3. I decided to delete the folder and contents. The hard drive was busy for several minutes and after it was finished, I checked the disk usage and found that / was at 97% capacity, up from what was 10gig of free space. I could not find any traces of the deleted folder or its contents, so I used puppy linux and ran e2fsck on the / partition. Puppy linux reported 1.9gig free space and opensuse reported .5gig free space. My concern is if the deleted folder is taking up space in the root partition that I can not locate and why the difference in reported disk space usage in hda7. Also, if more packages are installed, where are they placed (/ or /home)?
View 3 Replies
View Related
Oct 31, 2010
We have a SuSE/SLES 9 server that boots from a fibre channel card, using volumes from a NetApp filer.
We previously had the server booting from the LUNs on the filer, but after some tinkering around with the fibre channel BIOS, we have the situation where the LUNS seem to be mounted, the OS boots, starts to initialise everything but then stalls, saying:
We have tried loads of combinations of settings in the BIOS and fibre channel BIOS without any success or any idea what may have caused the error.
View 4 Replies
View Related
Jun 8, 2010
I initially installed SuSe11.2 with /tmp mounted on separate partition on another physical disk( there are two physical disks). Now I want to attach disk with existing SuSe11.2 to another motherboard so I would like that /tmp becomes part of the root partition. Will deleting /tmp mount point in /etc/fstab create automatically new /tmp from root at next startup, or something else has to be done to achieve, that in future, /tmp resides on root partition instead? In this way it would be much easier to move the disk with SuSe11.2 to another motherboard.
View 3 Replies
View Related
Aug 2, 2009
I am relatively new to Linux and Opensuse. I created the / root partition and now it is growing and maxing out. I have partitioner available to me but how do I change the partition size when the root partition is mounted. Do I login as root and then umount or modify fstab and restart and change from command line or do I format and reinstall everything? I have room to expand but not sure how to manage this?
View 4 Replies
View Related
Oct 18, 2010
I can't seem to get an encrypted partition to recognize a keyfile. It is a backup partition that I would like to keep unmounted until a cron-script runs once a week to backup my sensitive data. In order for the script to run without my assistance, I thought I'd use a keyfile to authorize the mount.
So far I've created a keyfile and have added it to the partition using "luksKeyAdd". It didn't really say it was successful, but when I do a luksdump, it shows that another key slot has been enabled, so I believe it worked. After that I created a /etc/crypttab file with the following:
Code:
backup_sdd1 /dev/sdd1 /root/backup luks
/dev/sdd1 being the backup partition, and /root/backup being the keyfile
After rebooting, I am still prompted for a password when trying to mount the encrypted partition (sdd1), and there is no device "/dev/mapper/backup_sdd1" created like I believe there should be. I haven't added any entries to fstab, as I don't want this partition to mount at boot.
View 5 Replies
View Related
Jun 30, 2010
I have a really tricky and may be intresting problem with a encrypted disk partition (cryptsetup luks...) which was fine until it accidentally got re-formatted by an instance of Windows 7. Most of the data on that 1TB-disk will probably still exist, only the LUKS header at the very beginning of the partition is - of course - gone.
So when I try to open the container, it gives no verbose, just the return value 234.
I scanned the whole partition for other LUKS headers with hexedit, none there. But, luckyly I have another partition which is encrypted in the exact same way with the exact same passphrase (which I remember very well!), so I had an idea: I copied the LUKS header (592 bytes) from the other LUKS encrypted partition over to the damaged partition.
When I now issue
Code:
Code:
No key available with this passphrase
Here is the command how I created the container:
Code:
How do I get the existing passphrase accepted by LUKS?
View 9 Replies
View Related
Feb 1, 2016
I have two basically identical harddrives that are encrypted with LUKS containing a complete debian installation:
Code: Select allroot@x200s:/home/b# lsblk --fs
NAME FSTYPE LABEL UUID MOUNTPOINT
sda
├─sda1 ext2 0b851969-281e-4db2-8a5b-3798e801711b /boot
├─sda2
└─sda5 crypto_LUKS cfcf63ef-448a-4f72-9f58-8f7731cf3dfc
└─sda5_crypt LVM2_member 21CS3f-SQeQ-XcMr-kyDs-OPtR-egmT-HkvJAu
[Code] ....
sda is what I currently run to write this text, sdb is my former harddrive, connected via USB.
I want to access the root partition on sdb.
The problem is:
Code: Select allcryptsetup luksOpen /dev/sdb5 oldhd
Enter passphrase for /dev/sdb5:
root@x200s:/home/b# ls /dev/mapper/
control oldhd sda5_crypt x200s--vg-root x200s--vg-swap_1
root@x200s:/home/b# mount /dev/mapper/oldhd /mnt/
[b]mount: unknown filesystem type 'LVM2_member'[/b]
[Code] ..
Before all this, both sda and sdb where in the same volume group. I renamed the volume group of sdb to "oldDisk"
using
Code: Select allvgrename <UUID> oldDisk
How I can access the data on the root filesystem of my sdb..
View 2 Replies
View Related
Jan 15, 2016
Is it better to install LUKS to raw disk (/dev/sdb) or disk partition (/dev/sdb1)? What are best LUKS options?
"cryptsetup benchmark" output
Code: Select allPBKDF2-sha1 1310720 iterations per second
PBKDF2-sha256 862315 iterations per second
PBKDF2-sha512 590414 iterations per second
[Code] ....
Is slow hash better or how to choose it? It is clear that aes-xts is best choise. Is 265 bit key good?
View 3 Replies
View Related
Nov 8, 2009
I need to access /etc/modprobe.d on an encrypted LVM LUKS partition. I m not sure how to go about it though. Mount usually handles my mounting needs, do I need to decrypt the physical volume first? LIst of commands need would make my day.
View 1 Replies
View Related
Aug 18, 2010
I run fedora 13 on my laptop (dual boot with Windows 7) and I just created a new partion to hold sensible data, encrypted with LUKS. I followed this tutorial for creating it.Now, everything went well and the new partition works well. But I needed something a little different from what the tutorial suggested, because I don't want the partition to be mounted on the system each time it boots, but I would (unlock and) mount it manually when I need it.
To do so I just didn't follow the Tutorial steps from 7 to 13, thinking that without the changes to crypttab and fstab the partition wouldn't be even touched by the start up process. And that's partially true: the partition isn't mapped nor mounted in the system when I boot, but the problem is that it however keeps asking for the passphrase to unlock it even if it doesn't get mounted or mapped.It just asks for it before the system loads all it's parts (udev, filesystems, etc) and I can't understand why, what it uses it for if it doesn't unlock it.So my question is: why does it ask for the passphrase to unlock luks if I haven't set crypttab and fstab to mount the partition on start up?
View 2 Replies
View Related
Aug 30, 2010
I have encrypted a partition while installing Fedora 13, and I need to disable its automount - I will mount those manually.
But even though I commented out the corresponding line in /etc/fstab, I am still asked for the passphrase for the partition at startup.
How to completely disable this behaviour - and how to mount the partition manually afterwards?
View 5 Replies
View Related
Apr 2, 2011
I recently installed OpenSUSE 11.4 64 bit with GNOME yesterday and everything is going fantastic. I like it much better than Ubuntu 10.10 64 bit Maverick Meerkat because it is much more stable, reliable, and dependable. I own a heavily modified ASUS N61JV-X2 notebook PC. I installed OpenSUSE using the LVM based method and LUKS encryption. When I turn on the power to my notebook PC, it asks me for my password to decrypt my Intel 2nd Generation 160.00 GB Solid State Drive. I expected this behavior. However, I never get to see the OpenSUSE login screen. After I type in my password to decrypt my SSD, it loads up the desktop immediately. How do I configure my OpenSUSE so that I can see the login screen so that I can select my standard user profile and enter the user password to login?
View 9 Replies
View Related
May 16, 2011
I need to move a LUKS encrypted partition to the end of a harddrive to expand another partition. Does anyone know how to do this?
Is it possible to do this with other partition editing programs?
Gparted doesnt support LUKS/LVM
View 1 Replies
View Related
Jan 3, 2010
I'm just wondering - what is the best way to set up your encrypted volumes with dm_crypt and LUKS?
My understanding was that aes-lrw ws better than aes-cbc - and then I stumble upon [url] which says that LRW has some problems, and XTS is better? I dont know enough about encryption theory to be able to say anything, so i'm hoping some folks more enlightened will be able to say something here.
I was previously using aes-lrw-benbi to set up a volume. If xts is truly better - should i be using '-c aes-xts-benbi' then?
View 4 Replies
View Related
Apr 3, 2011
I am running Fedora 14 with the Gnome desktop and I have a 1 TB external hard drive that is msdos with approximately 200 gbs of data on it. I can unlock it and even read and copy files to my internal hard drive but I cannot add files to it, I use to be able to. I didn;t think i changed permissions.
View 3 Replies
View Related
Aug 26, 2011
I've had everything but /boot on LVM LUKS encryption since I installed 11.4 on my netbook. Suddenly it won't accept my password and boot. Nothing had been updated since the last successful boot. The only possibly different thing that occurred was that I had plugged in my Android phone to charge before it booted up. Anyway, the specific error it gives when I enter the password (and I'm absolutely sure it's the correct password):
Code:
No key available with this passphrase.
Here is everything else on the screen:
Code:
doing fast boot
Creating device nodes with udev
[number (not sure if relevant/unique)] fb:conflicting fb hw usage inteldrmfb vs VESA VGA - removing gen
Volume group "system" not found
[Code]...
View 9 Replies
View Related
Feb 22, 2010
I'm trying to have a LUKS encrypted partition mounted at startup and to have GDM ask for my key so it will decrypt. Now I followed [URL] to the letter. Except for now, I have it just mounted into /mnt/cryptohome so I'm not messing with my system. My problem is the one everyone mentions in the comments, ubuntu isn't asking for the LUKS key in the X display, it's asking in the first terminal (Ctrl-Alt-F1). This will not do. I need it to ask to mount my drive before I'm even asked to login, so eventually I can encrypt my /home.
View 9 Replies
View Related
May 27, 2010
I'm having a problem auto-mounting a new luks partition. I have crypttab and fstab entries. I already have my primary encrypted partition (root) mounting at boot (from the install), but after creating this one manually, it does not open on boot. It auto-mounts when I run the following command manually after boot: sudo luksOpen /dev/disk/by-uuid/<uuid> mycrypt
/etc/crypttab entry:
personalcrypt /dev/disk/by-uuid/a1af5b7b-db58-4690-b586-b74407795e2c none luks
/etc/fstab entry:
[code]...
View 1 Replies
View Related
Dec 23, 2009
I have an external 300GB (Toshiba) disk which I encrypted (using cryptsetup luksFormat) and then installed an NTFS filesystem on (need to be able to use it in both Linux and Windows - using FreeOTFE). The disk mounts fine in windows and on my Fedora 10 system it automounts.
I can manually mount it on the RHEL5.3 system, and gnome-mount gets as far as recognising that it is encrypted and asking for the key, but it doesn't then mount it - I then have to manually mount the /dev/mapper/luks... device.
Does anyone know how to do this - if it works in Fedora 10 it ought to be possible to get it to work in EL5.3 I'd have thought.
View 4 Replies
View Related
