- Docs:
- https://www.cyberciti.biz/hardware/howto-linux-hard-disk-encryption-with-luks-cryptsetup-command/
- https://www.howtoforge.com/automatically-unlock-luks-encrypted-drives-with-a-keyfile
- Assumptions:
- 1) We are working on an Ubuntu 18.04 Machine
- 2) We want to use /dev/sdX (USB-connected drive) as the automounted backup device on /mnt/backups
- 1) Make sure all components are installed:
- # sudo apt install cryptsetup
- 2) Configure the encrypted LUKS partition
- # cryptsetup -y -v luksFormat /dev/sdX
- 3) Initialize the volume and set the initial passphrase:
- # cryptsetup luksOpen /dev/sdX backups
- 4) Verify it looks right:
- # cryptsetup -v status backups
- # cryptsetup luksDump /dev/sdX
- 5) Fill the mapped device with zeros, so the underlying disk holds ciphertext everywhere and the mkfs doesn't leave usage patterns
- # pv -tpreb /dev/zero | dd of=/dev/mapper/backups bs=128M
- 6) Make a Filesystem in the encrypted device:
- # mkfs.ext4 /dev/mapper/backups
- 7) Mount the filesystem:
- # mount /dev/mapper/backups /tmp/backups
- Automounting:
- -------------
- 1) Put Credentials in a .txt file and lock it down:
- # ls -la /root/.credentials.backup
- -r-------- 1 root root 14 Jul 27 08:33 /root/.credentials.backup
- 2) Set up LUKS to use the keyfile by putting this in /etc/crypttab (the first field is the name the volume gets under /dev/mapper)
- backups /dev/disk/by-uuid/61a7bd54-332d-43e8-97bd-e4534b2a67db /root/.credentials.backup luks
- 3) Put an entry in /etc/auto/mnt
- backups -fstype=auto :/dev/mapper/backups
- * This is ext4, so the entry can't have uid=, gid= or umask= options
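A check for the automount setup above, added here as an example (not part of the original notes): it confirms that the crypttab has an entry whose name matches the mapping used under /dev/mapper, that the entry carries the luks option, and that the keyfile is accessible to its owner only. The function name audit_crypttab is made up for this example, and stat -c assumes GNU coreutils as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: audit one crypttab entry and its keyfile.
# Field layout (crypttab(5)): <name> <device> <keyfile> <options>

# audit_crypttab CRYPTTAB NAME   (hypothetical helper, not a cryptsetup tool)
# Prints one finding per line; returns 0 only when nothing failed.
audit_crypttab() {
    tab=$1 name=$2 rc=0
    # First non-comment line whose first field is the mapping name.
    entry=$(awk -v n="$name" '$1 !~ /^#/ && $1 == n { print; exit }' "$tab")
    if [ -z "$entry" ]; then
        echo "FAIL: no entry named '$name' in $tab"
        return 1
    fi
    set -- $entry        # $1=name $2=device $3=keyfile $4=options
    device=$2 keyfile=${3:-none} opts=${4:-}

    case $device in
        UUID=*|/dev/disk/by-uuid/*) ;;
        *) echo "WARN: $device is not a UUID reference; sdX names can change" ;;
    esac
    case ",$opts," in
        *,luks,*) ;;
        *) echo "FAIL: options '$opts' do not include luks"; rc=1 ;;
    esac
    if [ "$keyfile" = none ] || [ "$keyfile" = - ]; then
        echo "FAIL: no keyfile set; unlocking will prompt for a passphrase"
        return 1
    fi
    if [ ! -f "$keyfile" ]; then
        echo "FAIL: keyfile $keyfile does not exist"
        return 1
    fi
    mode=$(stat -c '%a' "$keyfile")     # GNU stat, prints e.g. 400
    case $mode in
        ?00) ;;                         # owner-only access
        *) echo "FAIL: $keyfile has mode $mode; group/other can reach the key"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: $name -> $device unlocks with $keyfile (mode $mode)"
    return "$rc"
}

# Run as: sh audit.sh /etc/crypttab backups
if [ "$#" -eq 2 ]; then audit_crypttab "$1" "$2"; fi
```

A mismatch between the crypttab name and the /dev/mapper path in the automount map shows up as the "no entry named" failure.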
- FAQ:
- ----
- How do I automatically unlock an encrypted partition?
- # sudo cryptdisks_start <volume_in_crypttab>
- # sudo cryptdisks_start backups
- How do I mount or remount encrypted partition?
- Type the following command:
- # cryptsetup luksOpen /dev/sdX backups
- # mount /dev/mapper/backups /backups
- # df -H
- # mount
- How do I unmount and secure data?
- Type the following commands:
- # umount /backups
- # cryptsetup luksClose backups
- Can I run fsck on LUKS based partition / LVM volume?
- Yes, you can use the fsck command on LUKS-based systems:
- # umount /backups
- # fsck -vy /dev/mapper/backups
- # mount /dev/mapper/backups /tmp/backups
- See "How to run fsck on LUKS (dm-crypt) based LVM physical volume" for more details.
- How do I change LUKS passphrase (password) for encrypted partition?
- Type the following commands:
- ### See the key slots; a maximum of 8 passphrases can be set up for each device ###
- # cryptsetup luksDump /dev/sdX
- # cryptsetup luksAddKey /dev/sdX
- : Enter any passphrase:
- : Enter new passphrase for key slot:
- : Verify passphrase:
- Add the keyfile contents to the LUKS volume:
- # cryptsetup luksAddKey /dev/sdX /root/.credentials
- : Enter any passphrase:
- : Enter new passphrase for key slot:
- : Verify passphrase:
- Remove or delete the old password:
- # cryptsetup luksRemoveKey /dev/sdX