
Thread: luks password bypass in systemd

  1. #1
    Join Date
    Sep 2008
    Location
    St. Louis
    Posts
    91

    Post luks password bypass in systemd

    Hey,

    I've recently upgraded my backup machine from 11.4 to openSuSE 13.1 and I use an encrypted drive. In the past (prior to systemd) I could edit /lib/cryptsetup/boot.crypto.functions to look something like the following:

    Code:
    local cmd
    # map the devices
    if test -n "$luks" || cryptsetup isLuks "$device" &> /dev/null; then
        luks='yes'
        cmd=(luksOpen -d /path/to/my/key "$device" "$name")
    else

    However, doing this seems to no longer work as I get a prompt like:

    Code:
    Password entry required for 'Please enter passphrase for disk MYDISK (cr_mountpoint) on /mountpoint!' (PID ####).
    Please enter password with the systemd-tty-ask-password-agent tool!

    Does anyone know what file I might need to edit to fix this?

    Thanks!

  2. #2
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    15,664
    Blog Entries
    3

    Default Re: luks password bypass in systemd

    Quote Originally Posted by sailorcire View Post
    Does anyone know what file I might need to edit to fix this?
    If the key is in a file that is available at the right time during boot, you can put the path in "/etc/crypttab". Check the man page.
    openSUSE Leap 15.3; KDE Plasma 5.18.6;

  3. #3
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: luks password bypass in systemd

    On 2013-12-16 21:56, nrickert wrote:
    >
    > sailorcire;2608919 Wrote:
    >> Does anyone know what file I might need to edit to fix this?

    >
    > If the key is in a file that is available at the right time during boot,
    > you can put the path in "/etc/crypttab". Check the man page.


    This interests me.

    I read some time ago that it was possible to keep a large key in a file
    stored in external media (memory card, usb stick...), and be prompted
    for a passphrase as well, before activating an encrypted partition.

    Thus if the memory stick is stolen, it is not enough to read the data.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 12.3 x86_64 "Dartmouth" at Telcontar)

  4. #4
    Join Date
    Sep 2008
    Location
    St. Louis
    Posts
    91

    Default Re: luks password bypass in systemd

    Quote Originally Posted by nrickert View Post
    If the key is in a file that is available at the right time during boot, you can put the path in "/etc/crypttab". Check the man page.
    Thanks, that did it!

    For those who are too lazy to read the manual (or in the event it changes in the future), the third parameter in /etc/crypttab can be a path to your key file.

    So you'd have an entry like:
    Code:
    cr_mountpoint /dev/sdX /path/to/keyfile none

    The fourth parameter is for other options.
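
    Added example, not part of the original post: a key file named in the third field of /etc/crypttab unlocks the volume without a prompt, so it should be readable by root only. This sketch parses crypttab text and reports key files that are missing, open to group/other, or owned by the wrong user; the function names, finding labels and sample entries are assumptions made for illustration.

```python
import os
import stat
import tempfile

def parse_crypttab(text):
    """Return (name, device, keyfile, options) tuples from crypttab text."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed line: name and device are mandatory
        keyfile = fields[2] if len(fields) > 2 else "none"
        options = fields[3] if len(fields) > 3 else ""
        entries.append((fields[0], fields[1], keyfile, options))
    return entries

def audit_keyfiles(text, owner_uid=0):
    """Return (volume, issue) pairs for key files that are not locked down."""
    findings = []
    for name, _device, keyfile, _options in parse_crypttab(text):
        # "none"/"-" means no key file; /dev/urandom etc. is a random swap key.
        if keyfile in ("none", "-") or keyfile.startswith("/dev/"):
            continue
        try:
            st = os.stat(keyfile)
        except OSError:
            findings.append((name, "missing"))
            continue
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append((name, "loose-permissions"))
        if st.st_uid != owner_uid:
            findings.append((name, "wrong-owner"))
    return findings

if __name__ == "__main__":
    # Constructed sample: one world-readable key file in a temp directory.
    tmp = tempfile.mkdtemp()
    key = os.path.join(tmp, "keyfile")
    with open(key, "wb") as fh:
        fh.write(os.urandom(64))
    os.chmod(key, 0o644)
    sample = "cr_mountpoint /dev/sdX %s none\ncr_other /dev/sdY none\n" % key
    for volume, issue in audit_keyfiles(sample, owner_uid=os.getuid()):
        print(volume, issue)
```

    To audit a real system, run it as root and pass the contents of /etc/crypttab to audit_keyfiles() with the default owner_uid=0.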

  5. #5
    Join Date
    Sep 2008
    Location
    St. Louis
    Posts
    91

    Default Re: luks password bypass in systemd

    Quote Originally Posted by robin_listas View Post
    On 2013-12-16 21:56, nrickert wrote:
    This interests me.

    I read some time ago that it was possible to keep a large key in a file
    stored in external media (memory card, usb stick...), and be prompted
    for a passphrase as well, before activating an encrypted partition.

    Thus if the memory stick is stolen, it is not enough to read the data.
    This sounds interesting as well, it might be very useful for a laptop.

    If you come across an article then I'd be interested, if not then oh well.

  6. #6
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: luks password bypass in systemd

    On 2013-12-16 22:56, sailorcire wrote:
    >
    > nrickert;2608959 Wrote:



    > For those who are too lazy to read the manual (or in the event it
    > changes in the future), the third parameter in /etc/crypttab can be a
    > path to your key file.


    Yep, I know that :-)

    But it does not ask you for a passphrase in addition to the file. I've
    never seen how to do that, only mentions that some people do it.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 12.3 x86_64 "Dartmouth" at Telcontar)

  7. #7
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: luks password bypass in systemd

    On 2013-12-16 23:06, sailorcire wrote:
    >
    > robin_listas;2608967 Wrote:



    >
    > This sounds interesting as well, it might be -very- useful for a laptop.
    >
    > If you come across an article then I'd be interested, if not then oh
    > well.


    Sure! But I have never seen it...

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 12.3 x86_64 "Dartmouth" at Telcontar)
