API tools faq
paste
Advertisement
Nomadadon

Untitled

Nomadadon
Jul 31st, 2018
76
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.85 KB | None | 0 0
raw download clone embed print report
  1. Docs:
  2. https://www.cyberciti.biz/hardware/howto-linux-hard-disk-encryption-with-luks-cryptsetup-command/
  3. https://www.howtoforge.com/automatically-unlock-luks-encrypted-drives-with-a-keyfile
  4.  
  5. Assumptions:
  6. 1) We are working on an Ubuntu 18.04 Machine
  7. 2) We want to use /dev/sdX ( USB connected drive ) as the audomounted backup device on /mnt/backups
  8.  
  9.  
  10. 1) Make sure all components are installed:
  11. # sudo apt install cryptsetup`
  12. 2) Configure the encrypted Luks parition
  13. # cryptsetup -y -v luksFormat /dev/sdX
  14. 3) Initialize the volume and set the inital passphrase:
  15. # cryptsetup luksOpen /dev/sdX backups
  16. 4) Verify it looks right:
  17. # cryptsetup -v status backups
  18. # cryptsetup luksDump /dev/sdX
  19. 5) Create a blank partition to make sure the mkfs doesn't leave usage patterns
  20. # pv -tpreb /dev/zero | dd of=/dev/mapper/backups bs=128M
  21. 6) Make a Filesystem in the encrypted device:
  22. # mkfs.ext4 /dev/mapper/backups
  23. 7) Mount the Filesystem
  24. # Mount /dev/mapper/backups /tmp/backups
  25.  
  26.  
  27. Automounting:
  28. -------------
  29. 1) Put Credentials in a .txt file and lock it down:
  30. # ls -la /root/.credentials.backup
  31. -r-------- 1 root root 14 Jul 27 08:33 /root/.credentials.backup
  32. 2) Set up luks to use the keyfile by putting this in /etc/crypttab
  33. sdX_crypt /dev/disk/by-uuid/61a7bd54-332d-43e8-97bd-e4534b2a67db /root/.credentials.backup luks
  34.  
  35. 3) Put an entry in /etc/auto/mnt
  36. backups -fstype=auto :/dev/mapper/backups
  37. * This is ext4, it can't have a uid=,gid= or umask=
  38.  
  39.  
  40. FAQ:
  41. ----
  42. How do I automatically unlock an encrypted partition?
  43. # sudo cryptdisks_start <volume_in_crypttab>
  44. sudo cryptdisks_start backups
  45.  
  46. How do I mount or remount encrypted partition?
  47. Type the following command:
  48. # cryptsetup luksOpen /dev/sdX backups
  49. # mount /dev/mapper/backups /backups
  50. # df -H
  51. # mount
  52.  
  53. How do I unmount and secure data?
  54. Type the following commands:
  55. # umount /backups
  56. # cryptsetup luksClose backups
  57.  
  58.  
  59. Can I run fsck on LUKS based partition / LVM volume?
  60. Yes, you can use the fsck command On LUKS based systems:
  61. # umount /backups
  62. # fsck -vy /dev/mapper/backups
  63. # mount /dev/mapper/backups /tmp/backups
  64.  
  65. See how to run fsck On LUKS (dm-crypt) based LVM physical volume for more details.
  66.  
  67. How do I change LUKS passphrase (password) for encrypted partition?
  68. Type the following command
  69. ### see key slots, max -8 i.e. max 8 passwords can be setup for each device ####
  70. # cryptsetup luksDump /dev/sdX
  71. # cryptsetup luksAddKey /dev/sdX
  72. : Enter any passphrase:
  73. : Enter new passphrase for key slot:
  74. : Verify passphrase:
  75. # Add a keyfile contents to the luks volume
  76. # cryptsetup luksAddKey /dev/sdX /root/.credentials
  77. : Enter any passphrase:
  78. : Enter new passphrase for key slot:
  79. : Verify passphrase:
  80.  
  81. Remove or delete the old password:
  82. # cryptsetup luksRemoveKey /dev/sdX
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!