
LUKS without entering passphrase while booting

Posted: 2012/02/16 20:13:02
by Vega82
Hi,

I created a file with my password.
Ran:
cryptsetup luksAddKey /dev/sda1 /root/key

Then I edited /etc/cryptab

luks-xxxxxxxxxxxxxxxxxx UUID=xxxxxxxxxxxxxxxxxxx /root/key luks

But I was still asked for the password while booting.

What's wrong there??

LUKS without entering passphrase while booting

Posted: 2012/02/16 22:06:32
by TrevorH
It's /etc/crypttab

Re: LUKS without entering passphrase while booting

Posted: 2012/02/16 22:08:41
by Vega82
Sorry was a typo.

Re: LUKS without entering passphrase while booting

Posted: 2012/02/16 22:20:45
by TrevorH
I've never used it but `man crypttab` has no option 'luks' listed as available to be used in the 4th field.

I would also suspect the permissions on the file containing the password will need to be fairly restrictive so it'll need to be chmod 600 and owned root:root. A read of /etc/init.d/functions in the init_crypto function confirms this. It also shows that as of CentOS 6, UUIDs are supported.

You do know that /etc/crypttab is only used during boot? If you change it then you need to reboot to have the changes reflected.

Re: LUKS without entering passphrase while booting

Posted: 2012/02/16 22:41:45
by Vega82
Yes, of course I rebooted the system.
The keyfile is owned by root:root and chmod 600.
The luks option I found in howtos on the web, but it doesn't work without this option either.

I think there was a thinking error .... the keyfile is also on an encrypted partition. So there seems to be no way to boot without entering the password??

Re: LUKS without entering passphrase while booting

Posted: 2012/02/16 23:25:19
by TrevorH
The key has to be readable by root and it has to be in plain text.
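
The checks discussed in this thread (keyfile present, mode 600, owned by root, and not itself stored on an encrypted device) can be scripted. The following is an added example, not code from any poster or from CentOS; the function name `check_crypttab` and the sample entries are constructed, and it assumes GNU `stat` plus, optionally, `findmnt` and `lsblk` from util-linux.

```shell
#!/bin/bash
# Added example: audit keyfile entries in a crypttab-format file.
check_crypttab() {
    local tab=$1 name dev key opts mode uid src
    [ -r "$tab" ] || { echo "cannot read $tab"; return 1; }
    while read -r name dev key opts; do
        case $name in ''|'#'*) continue ;; esac
        # Third field "none" (or empty) means a passphrase prompt at boot.
        case $key in ''|none|-)
            echo "$name: no keyfile, passphrase prompt at boot"; continue ;;
        esac
        [ -f "$key" ] || { echo "$name: keyfile $key missing"; continue; }
        mode=$(stat -c %a "$key"); uid=$(stat -c %u "$key")
        # 600 as in the thread; 400 accepted here as stricter (assumption).
        case $mode in 600|400) ;; *)
            echo "$name: keyfile $key mode $mode, expected 600" ;;
        esac
        [ "$uid" = 0 ] || echo "$name: keyfile $key owned by uid $uid, expected root"
        # Best effort: is the keyfile itself stored on a dm-crypt device?
        if command -v findmnt >/dev/null 2>&1 && command -v lsblk >/dev/null 2>&1; then
            src=$(findmnt -n -o SOURCE -T "$key" 2>/dev/null) || src=
            if [ -n "$src" ] && lsblk -n -l -s -o TYPE "$src" 2>/dev/null | grep -qw crypt; then
                echo "$name: keyfile $key is on an encrypted device, unreadable until that is unlocked"
            fi
        fi
    done < "$tab"
    return 0
}

# Constructed sample: one world-readable keyfile, one prompt entry.
demo=$(mktemp -d)
printf 'not-a-real-key' > "$demo/key" && chmod 644 "$demo/key"
printf 'luks-demo1 UUID=0000 %s\nluks-demo2 UUID=0001 none\n' "$demo/key" > "$demo/crypttab"
check_crypttab "$demo/crypttab"
rm -rf "$demo"
```

On a real system, run `check_crypttab /etc/crypttab` as root so the keyfiles are readable to the check.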