I can’t seem to get an encrypted partition to recognize a keyfile. It is a backup partition that I would like to keep unmounted until a cron script runs once a week to back up my sensitive data. In order for the script to run without my assistance, I thought I’d use a keyfile to authorize the mount.
So far I’ve created a keyfile and have added it to the partition using “luksKeyAdd”. It didn’t really say it was successful, but when I do a luksdump, it shows that another key slot has been enabled, so I believe it worked.
After that I created a /etc/crypttab file with the following:
backup_sdd1 /dev/sdd1 /root/backup luks
/dev/sdd1 being the backup partition, and /root/backup being the keyfile
After rebooting, I am still prompted for a password when trying to mount the encrypted partition (sdd1), and there is no device “/dev/mapper/backup_sdd1” created like I believe there should be.
I haven’t added any entries to fstab, as I don’t want this partition to mount at boot.
Any assistance you could provide would be greatly appreciated.
I found that using a standard cryptsetup “luksOpen” command with the --key-file option works fine, so I added it to my backup script and it works for what I need it for.
I never could get crypttab to do anything. Is this a bug in 11.3? Has anybody else had any success decrypting a partition at boot with crypttab?
Am I doing something wrong? At boot, it says it can’t fsck one of the disks and kicks me into recovery mode. I’ve tried several different crypttab entries (pointing to keyfiles, using the /dev/sdXX address, etc.) and it doesn’t change anything, same error at startup.
On 2010-10-22 07:36, queequeg wrote:
>
> robin_listas;2240757 Wrote:
> Could you check mine out to see if I’m doing it correctly? Here is my
> /etc/crypttab:
>
> Code:
> --------------------
> backup_crypt /dev/disk/by-id/ata-ST31000333AS_6TE0D582-part1 none none
> --------------------
>
>
> And here is my corresponding fstab entry:
>
> Code:
> --------------------
> /dev/mapper/backup_crypt /fullbackup ext4 defaults 1 2
> --------------------
>
>
> Am I doing something wrong? At boot, it says it can’t fsck one of the
> disks and kicks me into recovery mode. I’ve tried several different
> crypttab entries (pointing to keyfiles, using the /dev/sdXX address,
> etc.) and it doesn’t change anything, same error at startup.
No, it is fstab which is the problem. That “2” there means “fsck it”, which happens probably before
it asks for the password, and thus the mapped device does not exist. The standard failure message
says to fsck, but it should also mention that perhaps you have to edit fstab instead for incorrect
lines.
The noauto means that mount should not try to mount it automatically (the /etc/init.d/boot.crypto
does it), and the nofail means “Do not report errors for this device if it does not exist”. The fsck
is done by the boot script if necessary.
Try that and tell me if it works.
–
Cheers / Saludos,
Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)
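
The situation described in the reply above can be checked before rebooting. The following is an added example, not part of the thread or any poster's code: it reads a crypttab and an fstab and reports, for each fstab entry that sits on a crypttab mapping, the fsck pass number and whether `noauto` and `nofail` are set. The function name `lint_crypt_fstab` and the OK/WARN/RISK verdicts are assumptions made for this example; the demo files are constructed from the entries quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Reports how each fstab entry that sits
# on a crypttab mapping is set up for the boot-time fsck and mount.

# Usage: lint_crypt_fstab CRYPTTAB FSTAB
# Output per mapped fstab entry:
#   <device> pass=<n> noauto=<y|n> nofail=<y|n> <verdict>
lint_crypt_fstab() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        FILENAME == ARGV[1] {                # crypttab: field 1 is the mapping name
            mapped["/dev/mapper/" $1] = 1
            next
        }
        ($1 in mapped) {                     # fstab entry on an encrypted mapping
            noauto = "n"; nofail = "n"
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) {
                if (opt[i] == "noauto") noauto = "y"
                if (opt[i] == "nofail") nofail = "y"
            }
            pass = (NF >= 6) ? $6 + 0 : 0    # a missing sixth field means no fsck
            # Verdicts are this example own heuristic (an assumption):
            #   OK   = both options from the reply are present
            #   RISK = fsck requested and neither option present (the thread case)
            #   WARN = anything in between
            if (noauto == "y" && nofail == "y") verdict = "OK"
            else if (pass != 0 && noauto == "n" && nofail == "n") verdict = "RISK"
            else verdict = "WARN"
            printf "%s pass=%d noauto=%s nofail=%s %s\n", $1, pass, noauto, nofail, verdict
        }
    ' "$1" "$2"
}

# Demo on constructed temporary files holding the two entries quoted in the thread.
demo_lint() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'backup_crypt /dev/disk/by-id/ata-ST31000333AS_6TE0D582-part1 none none' \
        > "$dir/crypttab"
    printf '%s\n' '/dev/mapper/backup_crypt /fullbackup ext4 defaults 1 2' > "$dir/fstab"
    lint_crypt_fstab "$dir/crypttab" "$dir/fstab"
    rm -rf "$dir"
}
demo_lint
```

On a real system the function would be called as `lint_crypt_fstab /etc/crypttab /etc/fstab`; it only reads the two files and changes nothing.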