Encrypted File system issues
Hello ,
I recently installed Centos 6.2 , during the installation I used the installer Disk Manager to create '/' as encrypted file system. Now by default , every time the system reboots I have to insert the password for opening the encrypted file system. The problem is after I created a pass file for automatic opening of the encrypted file system , Its still askes for the password. ================ Code:
cryptsetup luksDump /dev/sda3 Code:
[root@crypted ~]# cryptsetup isLuks /dev/sda3 Code:
================ I wonder if I missed something this is grub.conf Code:
================ |
According to this document, if you are encrypting the root partition, you should leave at least 1 other partition un-encrypted. That would be the /boot partition which includes the grub.conf file. Check the section with the title: Encrypted root filesystem.
|
I know that , but /boot is not encrypted
Quote:
Quote:
|
Well if you have the encrypted part in fstab set to auto mount, and it asks for the password on boot, then it shouldn't ask again.
|
daviddbb: You kept the passfile under /root. By the time you boot your server the whole / partition is encrypted, including the passfile. You should keep it under /boot instead.
|
As indicated, if cryptab is on / rather than boot it isn't available until after / is decrypted.
Keeping the key-file in the unecrypted /boot partition on the same system basically makes the encryption pointless as anyone can then access the encrypted partitions. A better way it to store the key-file on a USB keydrive or CD/DVD that is accessible to be read by the system at boot time and can be removed and kept separate otherwise. |
All times are GMT -5. The time now is 12:29 PM. |