Unlock Existing LUKS Encrypted Drives With A Keyfile
Am looking at this for Fedora 15
Three existing encrypted partitions. all on /dev/vda
/dev/vda2 (/vda3,vda4) all on an lvm
/dev/vda1 = /boot not luks.
This is a KVM guest. with a 31gb raw storage format,
using KVM Virt-manager to connect if DE is required.
Using seriel console, I'm finding it a pain to keep entering luks p\w.
Can your article be used with an existing /dev/mapper device(s)
I'm guessing I would put the keyfile on /boot.
As any hacker would still need to unlock the "host box"
/boot is not encrypted. You need to put it somewhere else.
What I did is put it in /root because I don't mount /root on a seperate partition so it gets unlocked with "/" during boot up process
But once that is unlocked, you can set it to auto-unlock everything else.
/dev/mapper/luks-f9034624-98d6-4987-a2bc-b9614f0304a4 / ext4 defaults 1 1
Here's an existing /etc/fstab entry.
Where on the entry would I place "/root/key-file
(1) the method on how a drive gets unlocked belongs to crypttab and not fstab
(2) as said, "/" can't be auto-unlocked.... that would kinda defeat the whole purpose
Apoligies you are correct:
sudo nano /etc/crypttab
I was using / as an an example from /etc/fstab
So do I just copy the other luks /etc/fstab entries to
an they are in a similar /dev/mapper/some_alphanumbric_string.
did you actually have a look here? http://www.howtoforge.com/automatica...with-a-keyfile
But I have problems with logic at times, possible dues to dyselxia
I am starting at Step 5, trying to work back to Step 4,
Steps 1-3 are done.
|All times are GMT +2. The time now is 07:05.|
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.