I have a running Fedora 21 system. I would like to make a backup of it to a USB drive, a clone that can be booted. I know how to do all the "normal" stuff (partition, LVM, mkfs, rsync, and GRUB), but I'd like the USB drive to be encrypted, and I don't know how to set that up manually (I haven't messed with encrypted filesystems under Linux before).
The system I'm backing is also headless, so no GUI tools.
Pointers, tips, suggestions? Thanks.
On Wed, Jul 15, 2015 at 20:21:25 -0500, Chris Adams linux@cmadams.net wrote:
I have a running Fedora 21 system. I would like to make a backup of it to a USB drive, a clone that can be booted. I know how to do all the "normal" stuff (partition, LVM, mkfs, rsync, and GRUB), but I'd like the USB drive to be encrypted, and I don't know how to set that up manually (I haven't messed with encrypted filesystems under Linux before).
The system I'm backing is also headless, so no GUI tools.
Pointers, tips, suggestions? Thanks.
cryptsetup is the program used to create LUKS devices. I run LUKS on top of separate raid arrays, but you might also want to have just one LUKS device and run LVM on top of that.
Look Arch Linux's wiki for LUKS / dm-crypt, you will probably need to read some documentation but in an hour or less you should be able to create an encrypted partition, an encrypted swap, learn how to unlock it manually or via cryptab/cryptsecrets and so on. GL.
On Wed, Jul 15, 2015, 22:21 Chris Adams linux@cmadams.net wrote:
I have a running Fedora 21 system. I would like to make a backup of it to a USB drive, a clone that can be booted. I know how to do all the "normal" stuff (partition, LVM, mkfs, rsync, and GRUB), but I'd like the USB drive to be encrypted, and I don't know how to set that up manually (I haven't messed with encrypted filesystems under Linux before).
The system I'm backing is also headless, so no GUI tools.
Pointers, tips, suggestions? Thanks.
Chris Adams linux@cmadams.net
users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
The gist is:
cryptsetup, you can use the defaults which uses aes-xts-plain64 with a 256 bit key. I like the -y and -v options.
You'll need to create or modify the /etc/crypttab file, which takes the form of: <anyname> <uuid> none
The name can be anything but I do it the anaconda way which is luks-<uuid> and then <uuid> is the LUKS UUID reported by blkid.
Use that same UUID in the form rd.luks=UUID=<uuid> as a boot parameter in /etc/default/grub and then grub2-mkconfig -o /boot/grub2/grub.cfg or grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg as the case may be if you have a UEFI system
And finally, the fstab entry is created the same as if it weren't encrypted, you still use the fs volume UUID as reported by blkid.
And since i have it handy, the rsync command anaconda uses is:
rsync -pogAXtlHrDx
Chris Murphy
Thank you! (The rsync flags that Anaconda uses is definitely a plus)
On Wed, Jul 15, 2015, 23:58 Chris Murphy lists@colorremedies.com wrote:
The gist is:
cryptsetup, you can use the defaults which uses aes-xts-plain64 with a 256 bit key. I like the -y and -v options.
You'll need to create or modify the /etc/crypttab file, which takes the form of: <anyname> <uuid> none
The name can be anything but I do it the anaconda way which is luks-<uuid> and then <uuid> is the LUKS UUID reported by blkid.
Use that same UUID in the form rd.luks=UUID=<uuid> as a boot parameter in /etc/default/grub and then grub2-mkconfig -o /boot/grub2/grub.cfg or grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg as the case may be if you have a UEFI system
And finally, the fstab entry is created the same as if it weren't encrypted, you still use the fs volume UUID as reported by blkid.
And since i have it handy, the rsync command anaconda uses is:
rsync -pogAXtlHrDx
Chris Murphy
users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
-
Bruno Wolff III -
Chris Adams -
Chris Murphy -
Martin Cigorraga