Password Protect and Encrypt Drives

Support for security such as Firewalls and securing linux
Post Reply
onlize
Posts: 5
Joined: 2018/01/02 19:38:43

Password Protect and Encrypt Drives

Post by onlize » 2018/01/02 19:55:50

Sorry if I am asking very basic question, but this is the first time I work with CentOS. My Windows server crashed and I am planning to install CentOS instead.

I have the following requirements and hope that someone will point me the right direction.
I have a few large USB drives (8Tb, 6Tb, and 3Tb). I need to be able to password protect and encrypt them. Basically the idea is that if drive is stolen, nobody can access information that is on the stolen drive.
At the same time, if I move the drive on another CentOS server, I need to be able to use password to connect, mount and use any of my drives.

Can I do it? Does CentOS have anything like this? I am searching, but cannot find. I thought I could use cryptkeeper, but, it seems, it does not exist for CentOS.

Can someone help me with this?

Thank you.

markkuk
Posts: 739
Joined: 2007/09/07 10:56:28
Location: Finland

Re: Password Protect and Encrypt Drives

Post by markkuk » 2018/01/03 07:13:35

CentOS supports LUKS for drive encryption. See the Security Guide for instructions.
Last edited by markkuk on 2018/01/04 06:10:28, edited 1 time in total.

onlize
Posts: 5
Joined: 2018/01/02 19:38:43

Re: Password Protect and Encrypt Drives

Post by onlize » 2018/01/03 14:31:26

Thank you for your reply. I am reading and do not see anywhere if I can easily attach this drive to another CentOS server using the password. Is is possible to do?

I am trying to decide if I have to go back to Windows or can I use CentOS instead.

The reason for my question is my Windows server failed and I have to rebuild it. My data is safe. I can just attach my drives, enter password and map the letter on the Windows server. I used BitLocker with Windows. Can I do it with CentOS?

Thank you.

onlize
Posts: 5
Joined: 2018/01/02 19:38:43

Re: Password Protect and Encrypt Drives

Post by onlize » 2018/01/03 14:49:59

The link to the Security Guide does not work, but I think I found it. Is this the one you are talking about: https://wiki.centos.org/HowTos/EncryptedFilesystem

markkuk
Posts: 739
Joined: 2007/09/07 10:56:28
Location: Finland

Re: Password Protect and Encrypt Drives

Post by markkuk » 2018/01/04 06:23:29

Sorry, I pasted the wrong link. I meant the RHEL 7 Security Guide section on LUKS:https://access.redhat.com/documentation ... Encryption
LUKS/cryptsetup encrypted drives should be mountable on any Linux system with the LUKS/cryptsetup software installed (you need root access), but I haven't tested that myself.

markkuk
Posts: 739
Joined: 2007/09/07 10:56:28
Location: Finland

Re: Password Protect and Encrypt Drives

Post by markkuk » 2018/01/04 13:35:50

markkuk wrote:LUKS/cryptsetup encrypted drives should be mountable on any Linux system with the LUKS/cryptsetup software installed (you need root access), but I haven't tested that myself.
OK, I just checked that this works:
I set up an encrypted USB stick with the following commands:

Code: Select all

# cryptsetup --verbose --verify-passphrase luksFormat /dev/sdc
# cryptsetup luksOpen /dev/sdc storengo
# mkfs.ext4 /dev/mapper/storengo
# mount /dev/mapper/storengo /mnt
I copied some data on the drive, then unmounted it with:

Code: Select all

# umount /mnt
# cryptsetup luksClose storengo
Next, I plugged the USB drive to a laptop running Fedora 27 with KDE desktop. The drive was recognized as encrypted and after entering the passphrase it became accessible through the standard GUI file manager.
On a Raspberry Pi3 running Raspbian Stretch, the desktop file manager failed to open the drive for some unknown reason, but mounting through command line worked the same way as in CentOS.
So, I can confirm that LUKS/cryptsetup-encrypted USB drives are compatible across different Linux distributions and CPU architectures. Sometimes they even work directly with desktop GUI tools. On command line mounting/unmounting takes two commands (after you have figured out the device name for the USB drive).

onlize
Posts: 5
Joined: 2018/01/02 19:38:43

Re: Password Protect and Encrypt Drives

Post by onlize » 2018/01/04 13:57:57

Thank you for your help.

Post Reply