search for: crypttab

Radu Radutiu wrote: > On Tue, Nov 27, 2018 at 3:14 PM mark <m.roth at 5-cent.us> wrote: > >> What we do is to have the encryption key of the secondary filesystem in >> /etc/crypttab, which is, of course, 600. As it boots, it decrypts from >> that as it mounts the rest of the system. >> > Thanks, this is working as expected and it gave me the hint needed to > find the actual problem. The problem is that the initramfs image generated > by dracut -f does not...

I have successfully used the swap option of crypttab (# man crypttab) to encrypt the swap partition dynamically. rc.sysinit enables that swap partition successfully at the right point (after encryption). The same doesn't work for the tmp option of crypttab (# man crypttab). The encrypted partition is present after booting the system. Manually...

...5-cent.us: >> >> Upgraded a RAID. Copied everything from backup. >> >> And then my manager said I had to encrypt the drive. >> >> I've done that, and made the filesystem, but I can't mount it. >> >> CentOS 6. >> I have the entry in /etc/crypttab, and a key in /etc/crypt.pw, and the >> luks UUID in /etc/fstab. I cannot find the command that tells it to >> create the device in /dev/mapper from the info in /etc/crypttab. >> >> Clues for the poor? Yes, the server will, at some point in the future, >> go to CentOS...

...other day encrypted, and things were looking good... until there was a problem with another RAID attached to the box, and I wound up having to reboot. What had been /dev/sdb came up as /dev/sdc. So... is there any way other than using /dev/disk/by-uuid/<uUUID> as the second field in /etc/crypttab to deal with this possibility? mark

...Configuration patch) This patch adds the option of requesting, at install time, that swap LVs be encrypted. The modifications include: * Introduction of the ovirt_swap_encrypt install parameter * Inclusion of all required packages * Inclusion of required kernel modules * Introduction of /etc/ovirt-crypttab to hold encrypted swap configuration (Couldn't use /etc/crypttab since it happens in rc.sysinit, before persistence is available * Modification of ovirt-early so it automatically brings up encrypted swap, if available It works as follows: ovirt_swap_encrypt={Swap|Swap2},cypher1[:cypher2...]...

Upgraded a RAID. Copied everything from backup. And then my manager said I had to encrypt the drive. I've done that, and made the filesystem, but I can't mount it. CentOS 6. I have the entry in /etc/crypttab, and a key in /etc/crypt.pw, and the luks UUID in /etc/fstab. I cannot find the command that tells it to create the device in /dev/mapper from the info in /etc/crypttab. Clues for the poor? Yes, the server will, at some point in the future, go to CentOS 7, but that needs my user to be off for a wh...

On Tue, Nov 27, 2018 at 3:14 PM mark <m.roth at 5-cent.us> wrote: > What we do is to have the encryption key of the secondary filesystem in > /etc/crypttab, which is, of course, 600. As it boots, it decrypts from > that as > it mounts the rest of the system. > > mark > Thanks, this is working as expected and it gave me the hint needed to find the actual problem. The problem is that the initramfs image generated by dracut -f doe...

Hello list, I bought a Thinkpad T420 and installed CentOS 7 recently. I choosed to use lvm encryption for the entire volume group. It works so far. But now I am planning to install a second hard disk. My thought is to create a new volume group on this additional disk. But how can I integrate/do this according to the existing encryption so that it will be decrypted by the same passphrase I use

...ext editor like vim does not create a valid keyfile that cryptsetup can equate with a key for an encrypted volume. This addition is (at least) worth six hours of my time, so hence may be worth about that much to anyone who may read this valuable addition. This limitation on cryptsetup and crypttab is not mentioned in the crypttab nor cryptsetup manuals at all. UserName is VaheOughourlian.

I'm sorry, but grep -i crypt /var/log/anaconda/anaconda.program.log returns nothing. But I have got an entry in /etc/crypttab. I only found this with grep -i luks /var/log/anaconda/anaconda.*: /var/log/anaconda/anaconda.storage.log:20:47:55,959 DEBUG blivet: LUKS.__init__: /var/log/anaconda/anaconda.storage.log:20:49:25,009 DEBUG storage.ui: LUKS.__init__: /var/log/anaconda/anaconda.storage.log:20:49:25,00...

...to install a second hard disk. My thought is to >create a new volume group on this additional disk. >> >> But how can I integrate/do this according to the existing encryption >so that it will be decrypted by the same passphrase I use at startup? > >http://linux.die.net/man/5/crypttab > >When you create a new entry in crypttab, you can use the 3rd field to >point to a file that contains the passphrase for this new LUKS volume. >In effect, one passphrase gives access to both drives. > >So there's a pro con here. Pro is that you could actually opt for a >c...

...anning to install a second hard disk. My thought is to create a new volume group on this additional disk. >> >> But how can I integrate/do this according to the existing encryption so that it will be decrypted by the same passphrase I use at startup? > > http://linux.die.net/man/5/crypttab > > When you create a new entry in crypttab, you can use the 3rd field to > point to a file that contains the passphrase for this new LUKS volume. > In effect, one passphrase gives access to both drives. You don't even need to do that. The init scripts try your passphrase on every...

...pgraded a RAID. Copied everything from backup. >>> >>> And then my manager said I had to encrypt the drive. >>> >>> I've done that, and made the filesystem, but I can't mount it. >>> >>> CentOS 6. >>> I have the entry in /etc/crypttab, and a key in /etc/crypt.pw, and the >>> luks UUID in /etc/fstab. I cannot find the command that tells it to >>> create the device in /dev/mapper from the info in /etc/crypttab. >>> >>> Clues for the poor? Yes, the server will, at some point in the future, >&...

...8:19 0 426.2G 0 part ??md125 9:125 0 426.1G 0 raid1 The problem is md125. System gagged on bringing it up when I rebooted, until I commented it out of fstab. Now, cryptsetup gives me the same UUID as I have in /etc/mdadm.conf. The entry in /etc/crypttab looks identical to the RAIDs for root and swap, but nope. I was able to d an mdadm --assemble -u $(UUID from mdadm.conf), and then a cryptopen luks... but never got anything in /dev/mapper. I'm still fighting - any thoughts? (No, I can't reboot again, like I did this morning, it's now...

Is there an easy way (cli) to enable a luks encrypted partition after reboot (a partition that was not enabled while booting, because not in the crypttab). I can execute the necessary command stack [1] but just wondering if there is an "enterprise/easy" way to do that ... [1] cryptsetup luksOpen $(blkid -t TYPE="crypto_LUKS" -o device) \ luks-$(cryptsetup luksUUID $(blkid -t TYPE="crypto_LUKS" -o device)) -- LF

...; But now I am planning to install a second hard disk. My thought is to create a new volume group on this additional disk. > > But how can I integrate/do this according to the existing encryption so that it will be decrypted by the same passphrase I use at startup? http://linux.die.net/man/5/crypttab When you create a new entry in crypttab, you can use the 3rd field to point to a file that contains the passphrase for this new LUKS volume. In effect, one passphrase gives access to both drives. So there's a pro con here. Pro is that you could actually opt for a completely different passphra...

....2017 um 16:53 schrieb m.roth at 5-cent.us: > > Upgraded a RAID. Copied everything from backup. > > And then my manager said I had to encrypt the drive. > > I've done that, and made the filesystem, but I can't mount it. > > CentOS 6. > I have the entry in /etc/crypttab, and a key in /etc/crypt.pw, and the > luks UUID in /etc/fstab. I cannot find the command that tells it to create > the device in /dev/mapper from the info in /etc/crypttab. > > Clues for the poor? Yes, the server will, at some point in the future, go > to CentOS 7, but that needs m...

...nly prompts once, which is the behavior proposed by Rich. So, I pushed the test a little more and added 2 disks to the virtual machine and manually configured LUKS (luksFormat, etc...), with the same passphrase, but different from the one provided during the installation. I added the disks to /etc/crypttab and at boot I'm asked to provide 3 passphrases: 1 for the initial devices and 1 per additional disk. This is similar to Pino's fully deterministic approach. I then realized that I had encrypted the whole device, while the installation had created partitions. So, I added 2 other disks and pa...

> On 01/11/2023 01:33 PM, H wrote: >> On 01/11/2023 02:09 AM, Simon Matter wrote: >>> What I usually do is this: "cut" the large disk into several pieces of >>> equal size and create individual RAID1 arrays. Then add them as LVM PVs >>> to >>> one large VG. The advantage is that with one error on one disk, you >>> wont >>>

On Tuesday, 12 November 2019 19:35:12 CET Richard W.M. Jones wrote: > This allows multiple --key parameters on the command line to match a > single device. This could either be specified as: > > tool --key /dev/sda1:key:trykey1 --key /dev/sda1:key:trykey2 > > which would try "trykey1" and "trykey2" against /dev/sda1. This seems OK for me, so you can