Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > HOWTO-Related Questions

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 9th February 2012, 11:09
Frankly3D Frankly3D is offline
Junior Member
 
Join Date: Dec 2006
Posts: 10
Thanks: 1
Thanked 0 Times in 0 Posts
Default Unlock Existing LUKS Encrypted Drives With A Keyfile

Am looking at this for Fedora 15
Three existing encrypted partitions. all on /dev/vda
/dev/vda2 (/vda3,vda4) all on an lvm
/dev/vda1 = /boot not luks.


This is a KVM guest. with a 31gb raw storage format,
using KVM Virt-manager to connect if DE is required.

Using seriel console, I'm finding it a pain to keep entering luks p\w.
Can your article be used with an existing /dev/mapper device(s)

I'm guessing I would put the keyfile on /boot.
As any hacker would still need to unlock the "host box"
Reply With Quote
Sponsored Links
  #2  
Old 10th February 2012, 08:22
sjau sjau is offline
Local Meanie
 
Join Date: Apr 2006
Location: Switzerland
Posts: 1,138
Thanks: 4
Thanked 52 Times in 48 Posts
Default

/boot is not encrypted. You need to put it somewhere else.

What I did is put it in /root because I don't mount /root on a seperate partition so it gets unlocked with "/" during boot up process

But once that is unlocked, you can set it to auto-unlock everything else.
__________________
"Common sense is not as common as commonly believed" by sjau

Auto-Install Script for ISPConfig and Horde on a Vanilla Debian Stable

Need more Repos for Ubuntu? Repository Generator
Need more Repos for Debian? Debian Repository Generator
Reply With Quote
  #3  
Old 12th February 2012, 09:59
Frankly3D Frankly3D is offline
Junior Member
 
Join Date: Dec 2006
Posts: 10
Thanks: 1
Thanked 0 Times in 0 Posts
Default

/dev/mapper/luks-f9034624-98d6-4987-a2bc-b9614f0304a4 / ext4 defaults 1 1

Here's an existing /etc/fstab entry.
Where on the entry would I place "/root/key-file
__________________
frankly3d.com
"Still Learning"
Reply With Quote
  #4  
Old 12th February 2012, 16:13
sjau sjau is offline
Local Meanie
 
Join Date: Apr 2006
Location: Switzerland
Posts: 1,138
Thanks: 4
Thanked 52 Times in 48 Posts
Default

(1) the method on how a drive gets unlocked belongs to crypttab and not fstab
(2) as said, "/" can't be auto-unlocked.... that would kinda defeat the whole purpose
__________________
"Common sense is not as common as commonly believed" by sjau

Auto-Install Script for ISPConfig and Horde on a Vanilla Debian Stable

Need more Repos for Ubuntu? Repository Generator
Need more Repos for Debian? Debian Repository Generator
Reply With Quote
  #5  
Old 12th February 2012, 16:21
Frankly3D Frankly3D is offline
Junior Member
 
Join Date: Dec 2006
Posts: 10
Thanks: 1
Thanked 0 Times in 0 Posts
Default

Apoligies you are correct:
sudo nano /etc/crypttab

I was using / as an an example from /etc/fstab
So do I just copy the other luks /etc/fstab entries to
/etc/crypttab
an they are in a similar /dev/mapper/some_alphanumbric_string.
__________________
frankly3d.com
"Still Learning"
Reply With Quote
  #6  
Old 12th February 2012, 16:23
sjau sjau is offline
Local Meanie
 
Join Date: Apr 2006
Location: Switzerland
Posts: 1,138
Thanks: 4
Thanked 52 Times in 48 Posts
Default

did you actually have a look here? http://www.howtoforge.com/automatica...with-a-keyfile
__________________
"Common sense is not as common as commonly believed" by sjau

Auto-Install Script for ISPConfig and Horde on a Vanilla Debian Stable

Need more Repos for Ubuntu? Repository Generator
Need more Repos for Debian? Debian Repository Generator
Reply With Quote
  #7  
Old 12th February 2012, 16:27
Frankly3D Frankly3D is offline
Junior Member
 
Join Date: Dec 2006
Posts: 10
Thanks: 1
Thanked 0 Times in 0 Posts
 
Default

Yes:
But I have problems with logic at times, possible dues to dyselxia
I am starting at Step 5, trying to work back to Step 4,
Steps 1-3 are done.
__________________
frankly3d.com
"Still Learning"
Reply With Quote
Reply

Bookmarks

Tags
fedora, luks, unlock

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
HOWTO use a keyfile for an encrypted swap partition charles HOWTO-Related Questions 0 10th January 2009 16:10
Unlock A LUKS Encrypted Root Partition Via SSH On Ubuntu - cannot log in flapjack HOWTO-Related Questions 8 6th January 2009 13:40
Auto Unlock LUKS drives ...now no boot Curious Anomaly HOWTO-Related Questions 0 12th September 2008 22:40
HOWTO: Unlock A LUKS Encrypted Root Partition Via SSH On Ubuntu peter7 HOWTO-Related Questions 8 27th June 2008 21:30
Full disc encryption - use keyfile on usb thumbdrive sjau Technical 3 18th May 2008 16:06


All times are GMT +2. The time now is 22:09.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.