Ubuntu :: Auto-mount Luks Encrypted Partition At Boot?
May 27, 2010
I'm having a problem auto-mounting a new luks partition. I have crypttab and fstab entries. I already have my primary encrypted partition (root) mounting at boot (from the install), but after creating this one manually, it does not open on boot. It auto-mounts when I run the following command manually after boot: sudo luksOpen /dev/disk/by-uuid/<uuid> mycrypt
/etc/crypttab entry:
personalcrypt /dev/disk/by-uuid/a1af5b7b-db58-4690-b586-b74407795e2c none luks
/etc/fstab entry:
[code]...
View 1 Replies
ADVERTISEMENT
Feb 1, 2016
I have two basically identical harddrives that are encrypted with LUKS containing a complete debian installation:
Code: Select allroot@x200s:/home/b# lsblk --fs
NAME FSTYPE LABEL UUID MOUNTPOINT
sda
├─sda1 ext2 0b851969-281e-4db2-8a5b-3798e801711b /boot
├─sda2
└─sda5 crypto_LUKS cfcf63ef-448a-4f72-9f58-8f7731cf3dfc
└─sda5_crypt LVM2_member 21CS3f-SQeQ-XcMr-kyDs-OPtR-egmT-HkvJAu
[Code] ....
sda is what I currently run to write this text, sdb is my former harddrive, connected via USB.
I want to access the root partition on sdb.
The problem is:
Code: Select allcryptsetup luksOpen /dev/sdb5 oldhd
Enter passphrase for /dev/sdb5:
root@x200s:/home/b# ls /dev/mapper/
control oldhd sda5_crypt x200s--vg-root x200s--vg-swap_1
root@x200s:/home/b# mount /dev/mapper/oldhd /mnt/
[b]mount: unknown filesystem type 'LVM2_member'[/b]
[Code] ..
Before all this, both sda and sdb where in the same volume group. I renamed the volume group of sdb to "oldDisk"
using
Code: Select allvgrename <UUID> oldDisk
How I can access the data on the root filesystem of my sdb..
View 2 Replies
View Related
Feb 22, 2010
I'm trying to have a LUKS encrypted partition mounted at startup and to have GDM ask for my key so it will decrypt. Now I followed [URL] to the letter. Except for now, I have it just mounted into /mnt/cryptohome so I'm not messing with my system. My problem is the one everyone mentions in the comments, ubuntu isn't asking for the LUKS key in the X display, it's asking in the first terminal (Ctrl-Alt-F1). This will not do. I need it to ask to mount my drive before I'm even asked to login, so eventually I can encrypt my /home.
View 9 Replies
View Related
Jan 21, 2009
I need a FREE solution that can image an entire Luks system encrypted volume and the rest of the used HDD, the MBR and /boot partition. Note: MBR and /boot are not encrypted. Note 2: I want to be able to restore entire drive from image with only a couple of steps. Note 3: Destination HDD space is a factor. Image file must be compressed and the image file must be around 40 to 50 GB or less. The smaller the image the better.
I have used clonezilla live cd before but not for encrypted volumes. I know you can install it in Linux. But, I don't know how to configure it after installation. I would be very happy if someone could tell me how to configure clonezilla in Fedora. How to guides are also welcome. I have one more question. If I image the encrypted volumes and all the stuff I mentioned above while logged in to Fedora, and I restore the drive from the image, will the recovered drive still be encrypted?
View 8 Replies
View Related
Jun 30, 2010
I have a really tricky and may be intresting problem with a encrypted disk partition (cryptsetup luks...) which was fine until it accidentally got re-formatted by an instance of Windows 7. Most of the data on that 1TB-disk will probably still exist, only the LUKS header at the very beginning of the partition is - of course - gone.
So when I try to open the container, it gives no verbose, just the return value 234.
I scanned the whole partition for other LUKS headers with hexedit, none there. But, luckyly I have another partition which is encrypted in the exact same way with the exact same passphrase (which I remember very well!), so I had an idea: I copied the LUKS header (592 bytes) from the other LUKS encrypted partition over to the damaged partition.
When I now issue
Code:
Code:
No key available with this passphrase
Here is the command how I created the container:
Code:
How do I get the existing passphrase accepted by LUKS?
View 9 Replies
View Related
May 2, 2010
Times like this Ubuntu makes me want to pull my hair out. When I enter my pass on the login screen, it brings up a "Could not update ICEauthority file" error and then goes to a black screen. I've tried to fix this problem for the past 2-3 hours (searching google, these forums, etc) and at this point, I just want the data off my drive so I can restart with a fresh install of Ubuntu. I used the "gsku nautilus" command to mount the disk from a Ubuntu Drive boot, but it's not letting me have access to the encrypted drive. Does anyone know of a work around for this?
View 1 Replies
View Related
Nov 8, 2009
I need to access /etc/modprobe.d on an encrypted LVM LUKS partition. I m not sure how to go about it though. Mount usually handles my mounting needs, do I need to decrypt the physical volume first? LIst of commands need would make my day.
View 1 Replies
View Related
Aug 30, 2010
I have encrypted a partition while installing Fedora 13, and I need to disable its automount - I will mount those manually.
But even though I commented out the corresponding line in /etc/fstab, I am still asked for the passphrase for the partition at startup.
How to completely disable this behaviour - and how to mount the partition manually afterwards?
View 5 Replies
View Related
May 16, 2011
I need to move a LUKS encrypted partition to the end of a harddrive to expand another partition. Does anyone know how to do this?
Is it possible to do this with other partition editing programs?
Gparted doesnt support LUKS/LVM
View 1 Replies
View Related
May 20, 2010
Anyone had any experience with unlocking a LUKS encrypted root partition via ssh? It is ok to leave /boot unencrypted.
There are a few pages from google with the debians variants, archived by putting dropbear into initrd.
I like to do that with my fedora/centos remote servers, but struggle to find any resources specific to it. Anyone has any suggestions and thoughts as to what might be a suitable way forward?
View 2 Replies
View Related
May 26, 2011
I have a setup that looks like this
[Code]....
and I'm dumped into recovery mode. However, if I remove these mounts from /etc/fstab via comments, I can wait for the system to boot (which it does very quickly) then mount the mapper devices myself. So what is going on? Has something changed wrt logical volumes, or is this just systemd? I can live with manual mounting, but any advice on resolving the automatic mounting situation would be great.
[Code]....
View 2 Replies
View Related
May 3, 2010
I recently installed Ubunutu 10.04 Netbook Remix onto a Dell Vostro A90. During install I selected "Require my password to log in and to decrypt my home folder", and this is working great.
What I would like to figure out, is how to have a second encrypted volume that lives on my SD Card that is also decrypted automatically upon login.
I've tried a variety of things, but they all require me to re-enter my password at some point during the boot/login, once for user login and the other time to decrypt/mount the volume. I am trying to avoid this, and hopefully will only have to enter my password once. Maybe I can piggyback on the default Ubunutu home directory decryption and make it all appear seamless?
View 3 Replies
View Related
Jul 31, 2010
I am trying to have an encrypted drive auto-mounted once i log into Lucid.
I created the encrypted drive with the disk utility in administration menu
I also have the password remembered "forever" so when i am logged in i just click the icon for the drive on left panel and it mounts.
I am able to find the uuid and know what device is called sdd but i don`t know how to put it into fstab if that is possible?
View 1 Replies
View Related
Feb 14, 2010
I know how to mount it manually. I've seen a howto on how to mount it automatically by loging in with the user, you type your username and password and it mounts your encrypted partition. But that's not what I want. My idea is to call cryptsetup and mount on boot, AND ask me for passphrase like when its loading the system, then if I don't type the right password it shouldn't mount /home, even though i type the correct USER password later when the system is loaded(and then I'd have an empty /home since my home partition wasn't mounted due to wrong passphrase).
This is what I tried: I added the commands to rc.local and I don't even feel like it was executed, no passphrase was asked. As a test if commands there were being executed, I tried simple commands lile mkdir /test and it worked. So commands there are executed, yet, no passphrase was asked to me, I looked on dmesg for crypt and found nothing, I pressed alt+ctrl+F1 desiring to find a passprhase-ask and again, nothing.
View 2 Replies
View Related
Aug 10, 2010
It seems I've run into a bit of a problem. I recently upgraded to the latest kernel 2.6.32-24-generic (x86) but when I reboot into the new kernel and type in my password the system hangs, same when using a keyfile on the root file system.to give an outline of how the disks are setup.3 hard drives
sda1 / = unencrypted
sdb1 /home = encrypted w/ luks
sdc1 /backup = encrypted w/ luks
When i boot to the original kernel 2.6.32-21 I'm able to successfully get into the system.
View 1 Replies
View Related
Dec 22, 2009
When I upgraded from FC11 to FC12 of the encrypted raid partitions started to request password on boot (in FC11 not having references to encrypted md1 in fstab and crypttab, was enough for FC11 not to ask for passwords on boot) despite the fact that I removed /etc/crypttab and there is nothing in /etc/fstab relating to encrypted md1 (raid array). I want my machine to boot w/o asking me passwords for encrypted devices, and I will open and mount them myself manually after boot.
View 11 Replies
View Related
Apr 11, 2011
I used Ubuntu for years now, but since the latest decisions got public I deceided to try something new: Fedora. I installed the system as a dualboot,Ubuntu and my old data. Because Fedora got installed inbetween of two partitions,ad to do the partitioning manually. I just made one partition /dev/sda4. During the installation process I got asked about the password for my /dev/sda1 partition. Of course, I entered it. So far so good.Now, everytime when I boot, the boot process stops and asks me for the password of the /dev/sda1 partition. However, the boot process does not go on, unless i press STRG+C.After the log in, I can also not access my data, by entering the password (GUI).The only way I can acces the data on that partition is:
Code:
su -
cryptsetup luksOpen /dev/DEVICENAME luks-fedora
[code]...
View 4 Replies
View Related
Jan 31, 2011
I encrypted my /home partition in my last installation F13. For some reason, I have to reinstall F13. After I login, I can not access /home. I followed some instructions like
modprobe dm-crypt
modprobe dm-mod
cryptsetup luksOpen /dev/vg_vit/lv_home vg_vit-lv_home
[code]...
View 3 Replies
View Related
Oct 14, 2010
I currently have a simple bash script set up via cron to backup my data (rsync) to an internal hard drive at regular intervals. I leave this "backup" hard drive unmounted, and it is mounted and unmounted as needed with the bash script. If I were to encrypt this "backup" drive (via Luks, or some other means), is there a way to get my backup script to work without me having to be there to enter a password?
View 4 Replies
View Related
Apr 3, 2010
I'm trying to configure pam_mount to automatically mount an encrypted partition (luks) and formatted to NTFS. I typed the command in the configuration file:
Quote:
<volume user="user" fstype="crypt" path="/dev/sda6" mountpoint="~/dane2" options="defaults,umask=000" />
But the partition is mounted read-only. There is some way to mount the partition rw mode?
View 2 Replies
View Related
Mar 9, 2011
Has anyone tried encrypting the boot partition to prevent the kernel from being modified. Iv tried following this but I'm running into issues when building. [URL] Im using the source from bzr checkout [URL] Last time I tried I screwed grub and it wouldnt boot.
View 9 Replies
View Related
Feb 11, 2011
I have 2 identical disks originally configured as a pair for a server. Each of the disks has 2 partitions dev/sdb1,dev/sdb2. The sdb1 partitions I had configured as a raid1 mirror. The sdb2 partitions were non-raid and used as extra misc. Space. Further, the raid setup is also encrypted using dm-crypt luks. Now I want to redeploy each of the disks for new purposes. One of the disks i want to deploy exactly as before (keeping the partitions and content), however without being part of a raid array.
I've successfully deployed this disk into a new system and I am mounting the dev/sdb1 partition as dev/md0 because the disk is set to autodetect raid. Actually I am using cryptsetup and mounting with mapper. Can I get rid of the setting for auto detect on this partition without losing the data, or breaking the encryption? I just want to mount the partition as a standalone encrypted disk. Is it as simple as doing crypt setup luksOpen /dev/sdb1 then mounting it with mapper? Or do I need to change the partition in some way. Or do I simply continue to operate it as a 'broken' raid array?
View 2 Replies
View Related
Jan 3, 2010
I'm just wondering - what is the best way to set up your encrypted volumes with dm_crypt and LUKS?
My understanding was that aes-lrw ws better than aes-cbc - and then I stumble upon [url] which says that LRW has some problems, and XTS is better? I dont know enough about encryption theory to be able to say anything, so i'm hoping some folks more enlightened will be able to say something here.
I was previously using aes-lrw-benbi to set up a volume. If xts is truly better - should i be using '-c aes-xts-benbi' then?
View 4 Replies
View Related
Nov 7, 2010
I have a windows partition on my drive, and I want to access it without having to mount it first, etc. There are just two partitions, windows and Ubuntu. I am running Ubuntu 10.04.1 so I want to mount it on startup. I saw this article: [URL] but I don't know if what it describes will work as it's almost 2 years old. I'm not adverse to commands, in fact would probably prefer those.
View 9 Replies
View Related
Oct 18, 2010
I can't seem to get an encrypted partition to recognize a keyfile. It is a backup partition that I would like to keep unmounted until a cron-script runs once a week to backup my sensitive data. In order for the script to run without my assistance, I thought I'd use a keyfile to authorize the mount.
So far I've created a keyfile and have added it to the partition using "luksKeyAdd". It didn't really say it was successful, but when I do a luksdump, it shows that another key slot has been enabled, so I believe it worked. After that I created a /etc/crypttab file with the following:
Code:
backup_sdd1 /dev/sdd1 /root/backup luks
/dev/sdd1 being the backup partition, and /root/backup being the keyfile
After rebooting, I am still prompted for a password when trying to mount the encrypted partition (sdd1), and there is no device "/dev/mapper/backup_sdd1" created like I believe there should be. I haven't added any entries to fstab, as I don't want this partition to mount at boot.
View 5 Replies
View Related
Dec 17, 2008
I am trying to get Slackware 12.2 running on a system with two identical harddiscs using RAID-1, LVM and LUKS.
Here is what I get:
Code:
The system is still the same, however, the results of upgrading or installing 12.2 are different. The system refuses to boot. The screen messages during boot seem to suggest, that the RAID system is "seen" by the system, but the encrypted filesystem is not.
I can boot with the installation DVD, however, and
Code:
View 14 Replies
View Related
Jan 6, 2010
Currently I have a dual boot system it consists of Fedora 12 and Windows Vista, at this time when I am logged into fedora 12 I can select the windows vista partition in the f12 file manager, I am than prompted for the root password and after entering the password, the drive mounts as read/write with no problem. How can I automate this mounting process so once I login as a standard user the NTFS partition mounts without any input? I would like this to auto mount without prompting for a password or having to double click on the vista partition each time.
View 6 Replies
View Related
Apr 7, 2011
Easiest way to auto mount an ext4 partition on my hard drive?
View 3 Replies
View Related
Jan 15, 2016
Is it better to install LUKS to raw disk (/dev/sdb) or disk partition (/dev/sdb1)? What are best LUKS options?
"cryptsetup benchmark" output
Code: Select allPBKDF2-sha1 1310720 iterations per second
PBKDF2-sha256 862315 iterations per second
PBKDF2-sha512 590414 iterations per second
[Code] ....
Is slow hash better or how to choose it? It is clear that aes-xts is best choise. Is 265 bit key good?
View 3 Replies
View Related
Aug 18, 2010
I run fedora 13 on my laptop (dual boot with Windows 7) and I just created a new partion to hold sensible data, encrypted with LUKS. I followed this tutorial for creating it.Now, everything went well and the new partition works well. But I needed something a little different from what the tutorial suggested, because I don't want the partition to be mounted on the system each time it boots, but I would (unlock and) mount it manually when I need it.
To do so I just didn't follow the Tutorial steps from 7 to 13, thinking that without the changes to crypttab and fstab the partition wouldn't be even touched by the start up process. And that's partially true: the partition isn't mapped nor mounted in the system when I boot, but the problem is that it however keeps asking for the passphrase to unlock it even if it doesn't get mounted or mapped.It just asks for it before the system loads all it's parts (udev, filesystems, etc) and I can't understand why, what it uses it for if it doesn't unlock it.So my question is: why does it ask for the passphrase to unlock luks if I haven't set crypttab and fstab to mount the partition on start up?
View 2 Replies
View Related
