LUKS without enter passphrase while booting
Posted: 2012/02/16 20:13:02
by Vega82
Hi,
created a file with my password.
run:
cryptsetup luksAddKey /dev/sda1 /root/key
then I edit /etc/cryptab
luks-xxxxxxxxxxxxxxxxxx UUID=xxxxxxxxxxxxxxxxxxx /root/key luks
But I was still asked for the password while booting.
What's wrong there?
LUKS without enter passphrase while booting
Posted: 2012/02/16 22:06:32
by TrevorH
It's /etc/crypttab
Re: LUKS without enter passphrase while booting
Posted: 2012/02/16 22:08:41
by Vega82
Sorry, was a typo.
Re: LUKS without enter passphrase while booting
Posted: 2012/02/16 22:20:45
by TrevorH
I've never used it but `man crypttab` has no option 'luks' listed as available to be used in the 4th field.
I would also suspect the permissions on the file containing the password will need to be fairly restrictive so it'll need to be chmod 600 and owned root:root. A read of /etc/init.d/functions in the init_crypto function confirms this. It also shows that as of CentOS 6, UUIDs are supported.
You do know that /etc/crypttab is *only* used during boot? If you change it then you need to reboot to have the changes reflected.
Re: LUKS without enter passphrase while booting
Posted: 2012/02/16 22:41:45
by Vega82
Yes, of course I rebooted the system.
The keyfile is owned by root:root and chmod 600.
The luks option I found in howtos on the web, but it doesn't work without this option either.
I think there was a thinking error ... the keyfile is also on an encrypted partition. So there seems to be no way to boot without entering the password?
Re: LUKS without enter passphrase while booting
Posted: 2012/02/16 23:25:19
by TrevorH
The key has to be readable by root and it has to be in plain text.
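
An added example, not part of the thread: a shell function that audits the key files named in a crypttab-style file for the conditions discussed above (mode 600, owned by root:root, and actually present when the file is read). The function name `check_crypttab`, the `demo` helper and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Audit key files named in a crypttab-style file (fields: name device keyfile options).
# Prints one finding per line; returns 1 if anything was flagged, 0 otherwise.
check_crypttab() {
    tab=$1
    rc=0
    while read -r name dev key opts || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac      # skip blank lines and comments
        case $key in
            ''|none|-) echo "$name: no key file, passphrase prompt at boot"; rc=1; continue ;;
        esac
        if [ ! -f "$key" ]; then
            # Same symptom when the key lives on a volume that is still locked.
            echo "$name: key file $key not found"; rc=1; continue
        fi
        # find -perm without a prefix matches the permission bits exactly.
        if [ -z "$(find "$key" -perm 600)" ]; then
            echo "$name: key file $key mode is not 600"; rc=1
        fi
        # Numeric IDs avoid depending on the passwd/group databases.
        if [ -z "$(find "$key" -user 0 -group 0)" ]; then
            echo "$name: key file $key is not owned by root:root"; rc=1
        fi
    done < "$tab"
    return $rc
}

# Constructed sample: one entry with a world-readable key, one whose key is absent.
demo() {
    d=$(mktemp -d) || return 1
    printf 'secret\n' > "$d/key"; chmod 644 "$d/key"
    printf '%s\n' "luks-a UUID=constructed-1 $d/key" \
                  "luks-b UUID=constructed-2 $d/missing" > "$d/crypttab"
    check_crypttab "$d/crypttab"
    rm -rf "$d"
}

# With an argument, audit that file (e.g. /etc/crypttab); otherwise run the demo.
if [ $# -gt 0 ]; then check_crypttab "$1"; else demo; fi
```

Run as root against the real file, since the key files it names are not readable by other users.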