LUKS without entering passphrase while booting


Post by Vega82 » 2012/02/16 20:13:02

Hi,

I created a file with my password.
Then I ran:
cryptsetup luksAddKey /dev/sda1 /root/key

Then I edited /etc/cryptab

luks-xxxxxxxxxxxxxxxxxx UUID=xxxxxxxxxxxxxxxxxxx /root/key luks

But I was still asked for the password while booting.

What's wrong there?
Vega82
 
Posts: 26
Joined: 2012/02/14 08:21:28

Post by TrevorH » 2012/02/16 22:06:32

It's /etc/crypttab
TrevorH
Forum Moderator
 
Posts: 9167
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Post by Vega82 » 2012/02/16 22:08:41

Sorry, that was a typo.

Post by TrevorH » 2012/02/16 22:20:45

I've never used it but `man crypttab` has no option 'luks' listed as available to be used in the 4th field.

I would also suspect the permissions on the file containing the password will need to be fairly restrictive so it'll need to be chmod 600 and owned root:root. A read of /etc/init.d/functions in the init_crypto function confirms this. It also shows that as of CentOS 6, UUIDs are supported.

You do know that /etc/crypttab is only used during boot? If you change it then you need to reboot to have the changes reflected.

Post by Vega82 » 2012/02/16 22:41:45

Yes, of course I rebooted the system.
The keyfile is owned by root:root and chmod 600.
The luks option I found in howtos on the web, but it doesn't work without this option either.

I think there was a thinking error ... the keyfile is also on an encrypted partition. So there seems to be no way to boot without entering the password?

Post by TrevorH » 2012/02/16 23:25:19

The key has to be readable by root and it has to be in plain text.
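
An added example, not part of the original thread: a small shell audit of the key-file conditions raised above (the third crypttab field names a key file, the file exists, is owned by root, and has no group or other access). The function names, the sample mappings and the optional expected-UID argument are assumptions made for illustration. The script does not detect a key file stored on a volume that is itself still locked at boot, which is the situation the original poster describes.

```shell
#!/bin/sh
# Added example (not from the thread): audit crypttab key-file fields.

# check_keyfile PATH [EXPECTED_UID] -> prints a verdict, returns 0 if usable.
check_keyfile() {
    kf=$1
    want_uid=${2:-0}    # root by default; overridable so the demo runs unprivileged
    case "$kf" in
        ""|none) echo "no key file, passphrase will be prompted"; return 1 ;;
    esac
    [ -f "$kf" ] || { echo "key file $kf not found"; return 1; }
    set -- $(stat -c '%a %u' "$kf")    # GNU stat: octal mode, owner uid
    [ "$2" = "$want_uid" ] || { echo "owner uid is $2, expected $want_uid"; return 1; }
    case "$1" in
        ?00) echo "ok" ;;              # e.g. 600: no group/other access
        *)   echo "mode $1 grants group/other access, use chmod 600"; return 1 ;;
    esac
}

# audit_crypttab FILE [EXPECTED_UID] -> one line per mapping, returns 1 if any fails.
audit_crypttab() {
    rc=0
    while read -r name dev key opts; do
        case "$name" in ""|\#*) continue ;; esac    # skip blanks and comments
        verdict=$(check_keyfile "$key" "${2:-0}") || rc=1
        echo "$name: $verdict"
    done < "$1"
    return "$rc"
}

# Constructed sample: three mappings with made-up names and UUID placeholders.
demo() {
    d=$(mktemp -d) || return 1
    printf 'secret\n' > "$d/good.key"; chmod 600 "$d/good.key"
    printf 'secret\n' > "$d/open.key"; chmod 644 "$d/open.key"
    cat > "$d/crypttab" <<EOF
# name      device              key file      options
luks-data   UUID=<placeholder>  $d/good.key
luks-home   UUID=<placeholder>  $d/open.key
luks-swap   UUID=<placeholder>  none
EOF
    audit_crypttab "$d/crypttab" "$(id -u)"
    status=$?
    rm -rf "$d"
    return "$status"
}
```

On a real system, `audit_crypttab /etc/crypttab` run as root checks the live file against root ownership; `demo` exercises the constructed sample.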

