trying encrypted partition: a "doh!" question

Bill Davidsen davidsen at tmr.com
Wed Jul 14 21:18:42 UTC 2010 

H.S. wrote:
> On 12/07/10 10:19 PM, Michael Cronenworth wrote:
>> On 07/12/2010 09:12 PM, H.S. wrote:
>>> Now I am looking for how to specify the encrypted partition in Debian's
>>> fstab so that I can mount it from within Debian.
>>>    
>> You will need to setup /etc/crypttab in your Debian installation and you 
>> will still need to input your passphrase upon mount (well, before mount, 
> 
> Just did this. Installed cryptsetup package. Created the entry in
> /etc/cryptab:
> crypthomefedora         UUID=<uuid here>       none luks
> 
> Created the relevant line in /etc/fstab:
> /dev/mapper/crypthomefedora /media/homefedora  ext4 defaults  1 2
> 
> Now when I boot into Debian, it asks for the password. I enter it and it
> continues to boot. I am able to read F13's home mounted on
> /media/homefedora when I am in Debian.
> 
> 
>> during cryptsetup luksOpen). If you do not want to use a passphrase then 
>> you will need to create a luks key and add it to your encrypted 
>> partition. Then you should be able to use the key to mount without being 
>> prompted. Defeats the purpose of needing external authentication though 
>> unless you have the key on a USB drive or something else that is protected.
> 
> I have started with encrypted partitions only yesterday when I installed
> F13. So this encrypted hard disk stuff is all new to me. I appreciate
> your comments. I will look into using a USB flash memory to store my
> keys. I agree regarding the disadvantage of having the keys on the hard
> disk itself though.
> 
So far, my only issue has been that the system doesn't want to boot without the 
password, not good for a server when the protected filesystem isn't needed to 
run (such as source or docs, contact info, etc). I attempted to "solve" this by 
using "noauto,user" so I could hand mount it, or putting it into automount, 
neither of which worked properly with fc11 where I tried it first.

-- 
Bill Davidsen <davidsen at tmr.com>
   "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot

More information about the users mailing list