creating a encrypted disk with luks
our Little problem here to mount a encrypted disk automatically on boot
so no need to enter the pass for mounting but this risky if the machine theft happen because we will use a key inside the system and it will be leaked if our machine stolen
so lets do it first we have to create a key and add it our partition
to create a key
|
1 2 3 4 5 6 7 8 |
[root@localhost ~]# dd if=/dev/random of=/root/key bs=4096 count=1 0+1 records in 0+1 records out 113 bytes (113 B) copied, 0.000462577 s, 244 kB/s [root@localhost ~]# cat /root/key y��]da�0�k�yhv�A��l�fn���ZÇ�_i)SK��D�Y�6ó�S��w���;�V�����,���+"���OE����{�[hf� �OR� [root@localhost ~]# |
don’t forget it to set key permission to be 600
now we need to tell our luks partition to use this key
|
1 2 3 |
[root@localhost ~]# cryptsetup luksAddKey /dev/sdb1 /root/key Enter any passphrase: [root@localhost ~]# |
now we need to make it available in device mapper
to use encrypted disks while boot there is a crypt tab
|
1 2 3 |
vi /etc/crypttab crypted1 /dev/sdb1 /root/keyfirst field is the device mapper name |
the second one is the disk partition
third is the key file
|
1 2 3 |
[root@localhost ~]# vi /etc/fstab /dev/mapper/crypted1 /mnt/crypted1 ext4 defaults 0 0 |
as u can see we put the device mapper name that we used it in crypttab file and normal mount
reboot the system and enjoy it