similar to: mirroring a loop device across an ssh connection

Hi everyone, I added a page under the HowTos for Encryption, and then added a guide for encrypting /tmp /swap and /home using cryptsetup and LUKS keys on LVM, when you already have partitions setup. http://wiki.centos.org/HowTos/EncryptTmpSwapHome Regards, Max

Leon Fauster wrote: >> Am 20.06.2017 um 16:53 schrieb m.roth at 5-cent.us: >> >> Upgraded a RAID. Copied everything from backup. >> >> And then my manager said I had to encrypt the drive. >> >> I've done that, and made the filesystem, but I can't mount it. >> >> CentOS 6. >> I have the entry in /etc/crypttab, and a key in

On Mon, Sep 07, 2020 at 10:41:20AM +0100, Richard W.M. Jones wrote: >For BitLocker disks cryptsetup does not (yet? ever?) support reading >UUIDs and this function will fail. This does not matter here so just >ignore the error. > >Note there is no error message, cryptsetup simply returns with a bad >exit code: > >><rescue> cryptsetup luksUUID /dev/sda2

On Tue, Oct 06, 2020 at 03:06:54PM +0100, Richard W.M. Jones wrote: >On Tue, Oct 06, 2020 at 03:25:20PM +0200, Martin Kletzander wrote: >> On Mon, Sep 07, 2020 at 10:41:20AM +0100, Richard W.M. Jones wrote: >> >For BitLocker disks cryptsetup does not (yet? ever?) support reading >> >UUIDs and this function will fail. This does not matter here so just >> >ignore

On Monday, 7 September 2020 11:43:54 CEST Richard W.M. Jones wrote: > This commit deprecates luks-open/luks-open-ro/luks-close for the more > generic sounding names cryptsetup-open/cryptsetup-close, which also > correspond directly to the cryptsetup commands. > > The optional cryptsetup-open readonly flag is used to replace the > functionality of luks-open-ro. > > The

There had been a virtual package "diff" that depended on diffutils, but that's gone in wheezy/sid, too. --- appliance/packagelist.in | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/appliance/packagelist.in b/appliance/packagelist.in index b26ef23..4830962 100644 --- a/appliance/packagelist.in +++ b/appliance/packagelist.in @@ -23,7 +23,6 @@ btrfs-progs

I'd like to edit the HowTo/EncryptedFilesystem page the note on how to create a valid keyfile. This is not a trivial action. Creating a plaintext file in vim does not qualify as a valid password. Instead, a valid keyfile is created by doing the following: echo -n "password" > keyfile.key which explicitly creates the file with password on the first line with an explicit

Hello all, I posted the whole disk encryption instructions in the forum that has been briefly discussed on the list. I joined the list per Ned's post on the thread. http://www.centos.org/modules/newbb/viewtopic.php?viewmode=flat&topic_id=15923&forum=42 I have a couple of questions about the process of creating a wiki. 1. How does the peer-review process work? 2. Is there a place

I'm trying to install libguestfs on Debian squeeze installed from http://people.debian.org/~bengen/libguestfs/ It does not work. Here are the details: I was able to install libguestfs-tools and its dependencies. However, aptitude removed the following two packages: qemu and qemu-system. I'm not sure if it's okay or not. If I try to install those packages back, I get the

On 04/03/15 06:33 PM, Robert Nichols wrote: > On 03/04/2015 03:16 PM, Digimer wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Hi all, >> >> I created a LUKS encrypted partition via a udev-triggered script on >> 6.6 using --key-file /tmp/foo. This worked fine, and I can decrypt the >> LUKS partition via script and manually using

On Fri, Oct 09, 2020 at 05:02:57PM +0200, Martin Kletzander wrote: > Basically what I did was create a small disk, create one partition > over the whole disk, then cryptsetup luksFormat the partition, open > it and format it with a filesystem (without any LVM). That is one > of the things you were adding support for, but it is not limited to > Windows Bitlocker setup, it can just

Is there a risk associated with having authorized_keys files set to readable but "StrictMode no"? I am thinking particularly in the case of having public keys all centralized in a directory in /etc or something. Is it really a potential hack vector if someone can read a public key, or is the only real danger if they were writable? --- Don Hoover dxh at yahoo.com

(depends on Advance Storage Configuration patch) This patch adds the option of requesting, at install time, that swap LVs be encrypted. The modifications include: * Introduction of the ovirt_swap_encrypt install parameter * Inclusion of all required packages * Inclusion of required kernel modules * Introduction of /etc/ovirt-crypttab to hold encrypted swap configuration (Couldn't use

Is there an easy way (cli) to enable a luks encrypted partition after reboot (a partition that was not enabled while booting, because not in the crypttab). I can execute the necessary command stack [1] but just wondering if there is an "enterprise/easy" way to do that ... [1] cryptsetup luksOpen $(blkid -t TYPE="crypto_LUKS" -o device) \ luks-$(cryptsetup luksUUID

First, all credit to Vladimir Parkhaev as this is his code. He may have submitted this before for all I know, but I for one definitely would like to see this end up in the codebase, so I'm submitting it. *** openssh-5.1p1/serverloop.c Fri Jul 4 09:10:49 2008 --- openssh-5.1p1-RCFHACKS/serverloop.c Thu Jan 29 08:56:11 2009 *************** *** 957,962 **** --- 957,968 ---- c =

I would like to suggest a logging enhancement that would contribute greatly to access auditing. Currently nothing is logged when a user connects to another server as a different user. The auditing trail is broken for tracing access. userA> ssh userB at hostB A simple syslog addition (for example) to ssh.c closes that gap. /* Log into the remote system. This never

Hi, After FreeBSD changed from using -O2 to using -O on their ARM port, I found that sshd stopped working. (gcc version 4.2.1 20070719 [FreeBSD]) I have downloaded openssh-SNAP-20080220.tar.gz and the code still look the same. Anyway looking into it, I found that the problem is in monitor_fdpass.c in the functions mm_send_fd and mm_receive_fd. Using -O2 used to align the tmp array on a 4 byte

Hi, I had developed a program which spawns a shell where i am trying to use ssh commands to log into a linux server. There is a pop up dialog window which is prompting me for key-ing the password. Actually i want to get rid of this pop up dialog box, as i don't want this to be visible in my program/code execution. Could you please let me know is there any way to resolve and stop this

How difficult would it be to enhance the client ssh_config file to allow command-based declarations similar to that provided by the "Host" keyword? The main reason I need something like this is when ssh is used via CVS and Subversion. I want all CVS/Subversion traffic to use a different SSH port and different authentication options. So... you might have an ssh_config file that

Hi people, i had created encrypted device with cryptsetup/LUKS which i setup with an ext4 filesystem. This device is an external USB harddisk. When i plugin this device it will be automatically mounted by my gnome3 system (Debian Wheezey/Testing), but this week i got an error. I did ask the ask the LUKS developers what is the problem and they told me that this is an ext4 problem. The error