LUKS without entering passphrase while booting

Vega82
Posts: 26
Joined: 2012/02/14 08:21:28

Post by Vega82 » 2012/02/16 20:13:02

Hi,

I created a file with my password.
Ran:
cryptsetup luksAddKey /dev/sda1 /root/key

Then I edited /etc/cryptab

luks-xxxxxxxxxxxxxxxxxx UUID=xxxxxxxxxxxxxxxxxxx /root/key luks

But I was still asked for the password while booting.

What's wrong there??

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Post by TrevorH » 2012/02/16 22:06:32

It's /etc/crypttab

Post by Vega82 » 2012/02/16 22:08:41

Sorry, that was a typo.

Post by TrevorH » 2012/02/16 22:20:45

I've never used it but `man crypttab` has no option 'luks' listed as available to be used in the 4th field.

I would also suspect the permissions on the file containing the password will need to be fairly restrictive so it'll need to be chmod 600 and owned root:root. A read of /etc/init.d/functions in the init_crypto function confirms this. It also shows that as of CentOS 6, UUIDs are supported.

You do know that /etc/crypttab is only used during boot? If you change it then you need to reboot to have the changes reflected.

Post by Vega82 » 2012/02/16 22:41:45

Yes, of course I rebooted the system.
The keyfile is owned by root:root and chmod 600.
The luks option I found in howtos on the web, but it doesn't work without this option either.

I think there was an error in my thinking ... the keyfile is also on an encrypted partition. So there seems to be no way to boot without entering the password??

Post by TrevorH » 2012/02/16 23:25:19

The key has to be readable by root and it has to be in plain text.
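
The checks raised in this thread (a key file in the third crypttab field, mode 600, owned by root, and not itself stored on an encrypted volume), as an added Python example that is not part of the original posts. The function names and the sample entry are made up for illustration, and the sysfs lookup assumes Linux device-mapper.

```python
import os
import stat

SAMPLE = "luks-xxxx UUID=xxxx /root/key\n"  # constructed entry shaped like the thread's

def on_dmcrypt(devno, sysfs="/sys/dev/block"):
    """True if block device devno is, or is stacked on, a dm-crypt mapping."""
    base = f"{sysfs}/{os.major(devno)}:{os.minor(devno)}"
    try:
        with open(f"{base}/dm/uuid") as fh:
            if fh.read().startswith("CRYPT-"):  # prefix of dm-crypt mappings
                return True
        for name in os.listdir(f"{base}/slaves"):  # e.g. LVM on top of LUKS
            with open(f"{base}/slaves/{name}/dev") as fh:
                major, minor = fh.read().strip().split(":")
            if on_dmcrypt(os.makedev(int(major), int(minor)), sysfs):
                return True
    except OSError:
        pass  # not a device-mapper device, or sysfs not available
    return False

def check_crypttab(text, owner_uid=0):
    """Return (mapping name, finding) pairs for crypttab content in text."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        name, key = fields[0], fields[2] if len(fields) > 2 else "none"
        if key in ("none", "-"):
            findings.append((name, "no key file, passphrase prompt at boot"))
            continue
        try:
            st = os.stat(key)
        except OSError:
            findings.append((name, f"key file {key} is missing or inaccessible"))
            continue
        if stat.S_IMODE(st.st_mode) & 0o077:
            findings.append((name, f"{key} is open to group/other, chmod 600"))
        if st.st_uid != owner_uid:
            findings.append((name, f"{key} is not owned by uid {owner_uid}"))
        if on_dmcrypt(st.st_dev):
            findings.append((name, f"{key} sits on an encrypted volume"))
    return findings

if __name__ == "__main__":
    for name, finding in check_crypttab(SAMPLE):
        print(f"{name}: {finding}")
```

The last finding is informational: a key file on an encrypted volume only becomes readable after that volume has been unlocked some other way.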
