autounlock luks encrypted drives upon startup with keyfile

I have a raidz2 zpool across 6 disks. I am using Ubuntu Server 16.04 LTS and I want to encrypt those disks with LUKS and have the system decrypt them on startup, so that ZFS can use them.
How exactly do I configure LUKS so that upon startup it automatically decrypts those drives using a keyfile (generated with dd if=/dev/urandom...) stored on the root of the boot drive?
I'd also like for each drive to have a different key file. Preferably sha-512 or, heck, even something higher would be nice.
16.04 encryption luks zfs
asked May 15 at 17:35
bigblackcard
61
1 Answer
This is done in /etc/crypttab, something very similar to /etc/fstab.
Just have a look at the man page.
So a line like this would do it:
    myzfs UUID=e758456d-eb80-4eea-947c-9ac914643b61 /root/mykeyfile luks
where the UUID is the UUID of your LUKS volume, which you can find with blkid.
The unencrypted LUKS volume is available at /dev/mapper/myzfs, the name you gave to it above in crypttab.
Don't forget to add a line in /etc/fstab:
    /dev/mapper/myzfs /where/to/mount/it fstype defaults 0 2
answered May 15 at 19:57
solsTiCe
4,87721642
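The crypttab approach from the answer, extended to one keyfile per disk as the question asks, with a permission and reuse check on the result. This is an added example, not part of the original question or answer; the mapping names (zfs-diskN), the key directory and any UUIDs passed in are constructed placeholders.

```shell
#!/bin/sh
# Added example: per-disk keyfiles plus matching crypttab lines.
# Mapping names, key directory and UUIDs are assumptions, not from the page.

# make_keyfile PATH: write 4096 random bytes, readable by the owner only.
make_keyfile() {
    ( umask 077
      dd if=/dev/urandom of="$1" bs=512 count=8 2>/dev/null &&
      chmod 0400 "$1" )
}

# gen_crypttab KEYDIR UUID...: create one keyfile per UUID and print one
# crypttab line per disk: <name> UUID=<uuid> <keyfile> luks
gen_crypttab() {
    keydir=$1; shift
    n=0
    for uuid in "$@"; do
        n=$((n + 1))
        key="$keydir/zfs-disk$n.key"
        [ -e "$key" ] || make_keyfile "$key" || return 1
        printf 'zfs-disk%d UUID=%s %s luks\n' "$n" "$uuid" "$key"
    done
}

# audit_crypttab FILE: report entries whose keyfile is missing, accessible to
# group/other, or shared with another entry. Returns non-zero on any finding.
audit_crypttab() {
    bad=0; seen=" "
    while read -r name dev key opts; do
        case "$name" in ''|'#'*) continue ;; esac
        case "$key" in none|-|'') continue ;; esac  # passphrase prompt, no keyfile
        if [ ! -f "$key" ]; then
            echo "$name: keyfile $key missing"; bad=1; continue
        fi
        # Columns 5-10 of ls -l are the group and other permission bits.
        perms=$(ls -ld "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "$name: keyfile $key accessible to group/other"; bad=1
        fi
        case "$seen" in
            *" $key "*) echo "$name: keyfile $key reused"; bad=1 ;;
        esac
        seen="$seen$key "
    done < "$1"
    return "$bad"
}
```

On the real system each keyfile has to be enrolled on its disk with `cryptsetup luksAddKey <device> <keyfile>` before its crypttab line can unlock anything. Keyfiles stored on an unencrypted boot drive protect the data disks only when those disks leave the machine without that drive.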