similar to: NBDE, clevis and tang for non-root disk

On Tue, Nov 27, 2018 at 3:14 PM mark <m.roth at 5-cent.us> wrote: > What we do is to have the encryption key of the secondary filesystem in > /etc/crypttab, which is, of course, 600. As it boots, it decrypts from > that as > it mounts the rest of the system. > > mark > Thanks, this is working as expected and it gave me the hint needed to find the actual

Hi, Has anybody managed to get network disk bound disk encryption to work with a non-root disk? It works fine for the root device, but the moment I add another volume to /etc/crypttab the system will no longer boot automatically. A tcpdump on the tang server shows no traffic while the system is stuck at the LUKS password prompt. The second encrypted volume is set up in the same way as the root

This is about Network-Bound Disk Encryption (NBDE) not to be confused of course with NBD! NBDE is where you use disk encryption in your virtual machines. But instead of having to type a passphrase when the guest boots, there is a network server which gives out tokens, so as long as the guest is booted from the trusted network it is able to boot unattended. In RHEL[1] we have three pieces of

We've been required to encrypt h/ds, and so have been rolling that out over the last year or so. Thing is, you need to put in a password, of course, to boot the system. My manager found a way to allow us to reboot without being at the system's keyboard, a package called clevis. Works fine... except in a couple of very special cases. Those systems, the problem is that, due to older

John Hodrien wrote: > On Fri, 8 Jun 2018, m.roth at 5-cent.us wrote: > >> We've been required to encrypt h/ds, and so have been rolling that out >> over the last year or so. Thing is, you need to put in a password, of >> course, to boot the system. My manager found a way to allow us to reboot >> without being at the system's keyboard, a package called clevis.

Valeri Galtsev wrote: > > > On 06/08/18 10:27, m.roth at 5-cent.us wrote: >> John Hodrien wrote: >>> On Fri, 8 Jun 2018, m.roth at 5-cent.us wrote: >>> >>>> We've been required to encrypt h/ds, and so have been rolling that out >>>> over the last year or so. Thing is, you need to put in a password, of >>>> course, to boot the

On Fri, 8 Jun 2018, m.roth at 5-cent.us wrote: > We've been required to encrypt h/ds, and so have been rolling that out > over the last year or so. Thing is, you need to put in a password, of > course, to boot the system. My manager found a way to allow us to reboot > without being at the system's keyboard, a package called clevis. Works > fine... except in a couple of very

On 06/08/18 12:01, m.roth at 5-cent.us wrote: > Valeri Galtsev wrote: >> >> >> On 06/08/18 10:27, m.roth at 5-cent.us wrote: >>> John Hodrien wrote: >>>> On Fri, 8 Jun 2018, m.roth at 5-cent.us wrote: >>>> >>>>> We've been required to encrypt h/ds, and so have been rolling that out >>>>> over the last year or

On 06/08/18 10:27, m.roth at 5-cent.us wrote: > John Hodrien wrote: >> On Fri, 8 Jun 2018, m.roth at 5-cent.us wrote: >> >>> We've been required to encrypt h/ds, and so have been rolling that out >>> over the last year or so. Thing is, you need to put in a password, of >>> course, to boot the system. My manager found a way to allow us to reboot

Leon Fauster wrote: >> Am 20.06.2017 um 16:53 schrieb m.roth at 5-cent.us: >> >> Upgraded a RAID. Copied everything from backup. >> >> And then my manager said I had to encrypt the drive. >> >> I've done that, and made the filesystem, but I can't mount it. >> >> CentOS 6. >> I have the entry in /etc/crypttab, and a key in

Upgraded a RAID. Copied everything from backup. And then my manager said I had to encrypt the drive. I've done that, and made the filesystem, but I can't mount it. CentOS 6. I have the entry in /etc/crypttab, and a key in /etc/crypt.pw, and the luks UUID in /etc/fstab. I cannot find the command that tells it to create the device in /dev/mapper from the info in /etc/crypttab. Clues for

hi, we have successfully implemented at tang/clevis environment for automatically entering luks keys and booting hosts without operator intervention. Now we would like to use this as well on ipv6 networks, but I do not seem to get it to work. I have already posted this issue to the dracut devs github issue tracker ( https://github.com/dracutdevs/dracut/issues/554) but no response so far. Maybe

I'd like to edit the HowTo/EncryptedFilesystem page the note on how to create a valid keyfile. This is not a trivial action. Creating a plaintext file in vim does not qualify as a valid password. Instead, a valid keyfile is created by doing the following: echo -n "password" > keyfile.key which explicitly creates the file with password on the first line with an explicit

> Am 29.07.2019 um 22:37 schrieb J Martin Rushton via CentOS <centos at centos.org>: > > On 29/07/2019 20:58, mark wrote: >> Moved a server from the datacenter to our secure room. I've changed the >> DNS, and our dhcpd... and yet, every time it boots, it comes up with the >> IP it had in the datacenter. >> >> Any idea where it could be caching the

I'm sorry, but grep -i crypt /var/log/anaconda/anaconda.program.log returns nothing. But I have got an entry in /etc/crypttab. I only found this with grep -i luks /var/log/anaconda/anaconda.*: /var/log/anaconda/anaconda.storage.log:20:47:55,959 DEBUG blivet: LUKS.__init__: /var/log/anaconda/anaconda.storage.log:20:49:25,009 DEBUG storage.ui: LUKS.__init__:

Hi Chris, thanks for your answer. It is the first time I decided to encrypt my lvm. I choosed to encrypt the volume group, not every logical volume itself, because in case of doing lvm snapshots in that group they will be encrypted too? And how do I create a new encrypted volume group? Regards Tim Am 6. M?rz 2015 01:58:23 MEZ, schrieb Chris Murphy <lists at colorremedies.com>: >On

On 03/05/2015 06:58 PM, Chris Murphy wrote: > On Thu, Mar 5, 2015 at 2:09 PM, Tim <lists at kiuni.de> wrote: >> Hello list, >> >> I bought a Thinkpad T420 and installed CentOS 7 recently. >> >> I choosed to use lvm encryption for the entire volume group. It works so far. >> >> But now I am planning to install a second hard disk. My thought is to

Hello list, I bought a Thinkpad T420 and installed CentOS 7 recently. I choosed to use lvm encryption for the entire volume group. It works so far. But now I am planning to install a second hard disk. My thought is to create a new volume group on this additional disk. But how can I integrate/do this according to the existing encryption so that it will be decrypted by the same passphrase I use

Just rebuilt a C6 box last week as C7. Four drives, and sda and sdb for root, with RAID-1 and luks encryption. Layout: lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 0 931.5G 0 disk ??sda1 8:1 0 200M 0 part /boot/efi ??sda2

Folks, I have an issue: I've gotten that drive that I posted about the other day encrypted, and things were looking good... until there was a problem with another RAID attached to the box, and I wound up having to reboot. What had been /dev/sdb came up as /dev/sdc. So... is there any way other than using /dev/disk/by-uuid/<uUUID> as the second field in /etc/crypttab to deal with