Hi,
My problem is that I can't make a USB flash drive with a LUKS encrypted
partition be shown on desktop when is inserted. It's a fresh installation
of Debian Buster with xfce4.
Partitions in USB device:
# fdisk -l /dev/sdb
Disco /dev/sdb: 28,7 GiB, 3075200 bytes
On 2015-08-29 08:23:25 PM, Hans wrote:
> > > It would be nice, if someone could give me a clue, how to initialise the
> > > crypt related configurations.
> >
> > How did you set up your partitions? Do you use cryptsetup? Did you fill
> > out the relevant entries in /etc/cryptab? What happens if yo
Hello list,
I am having still the problem that my encrypted partition are not opened
at boot and thus cannot be mounted.
I believe, it might be a problem with systemd, but i am not experienced with
systemd, to have a clue, where to look.
IMO this is the related error message of systemd:
Aug 29 16
> In the meantime, does adding
> aes-x86-x64
> dm-crypt
> dm-mo
> sha256
> to /etc/initramfs-tools/modules help? (Followed by rebuilding.)
No, it did not. I added these already. It is strange, It is not the first time,
I changed to encrypted filesystems, but this time, it did not work.
It is cle
Quoting Hans (hans.ullr...@loop.de):
> Thanks for the info, but it did not work. However, I found out, that the
> problem
> is the initrd and it looks like initramfs-tools is the problem. It looks like
> the needed modules aes-x86-x64, dm-crypt, dm-mo and sha256 are not correctly
> added into
Hans a écrit :
>
>> Also, is it normal that fstab and crypttab contain the same UUIDs ?
>> AFAIK, fstab should contain filesystem UUIDs whereas crypttab should
>> contain LUKS UUIDs. I think that at least one file contains the wrong
> UUIDs.
> Thanks for the info, but it did not work.
What did n
Hi Pascal, and dear other helpers,
> There is not much difference between the two fstab. Only the mount
> options differ.
> Also, is it normal that fstab and crypttab contain the same UUIDs ?
> AFAIK, fstab should contain filesystem UUIDs whereas crypttab should
> contain LUKS UUIDs. I think that
Hans a écrit :
>
> fstab = this works with the trick
> fstab.orig = so it should be
> crypttab = my crypttab
There is not much difference between the two fstab. Only the mount
options differ.
Also, is it normal that fstab and crypttab contain the same UUIDs ?
AFAIK, fstab should contain filesyst
On Wed, 26 Aug 2015 23:54:16 +0200
Hans wrote:
Hello Hans,
>Very strange! I cannot send the content of my fstab and crypttab via
>e-mail! I can edit in the mail, but when I send the mail, it is gone.
It's in the HTML part only. Why it gets hidden/removed from the plain
text part, IDK.
--
Re
Very strange! I cannot send the content of my fstab and crypttab via e-mail! I
can edit in the mail, but when I send the mail, it is gone.
So I add it as a file.
fstab = this works with the trick
fstab.orig = so it should be
crypttab = my crypttab
Hope this works now.
Best Hans
# /etc/fstab:
Sorry, here is the fstab again:
This is the form, which I can boot:
-- snip -
# /etc/fstab: static file system information.
--- snap --
And this is the version, that should work.
-- snip -
# /etc/fstab: static file system information.
-- snap --
On Wednesday 26 August 2015 16:46:04 Hans wrote:
> No problem. This is /etc/fstab with which I can boot
>
> --- snip ---
>
> #
>
>
>
> and this is the form, it should be , but boot hangs:
>
>
> #
>
I see no /etc/fstab of any kind.
Lisi
Am Mittwoch, 26. August 2015, 10:21:51 schrieb David Wright:
> Quoting Hans (hans.ullr...@loop.de):
> > Yes, and I have new knoledges. I managed to get the debian startes
with a
> > trick.
> >
> > First I changes the entry in /etc/fstab from example
> > /dev/mapper/usr to UUID=rz98u98127290502957
Quoting Hans (hans.ullr...@loop.de):
> Yes, and I have new knoledges. I managed to get the debian startes with a
> trick.
>
> First I changes the entry in /etc/fstab from example
> /dev/mapper/usr to UUID=rz98u98127290502957whatever
Is there any reason not to post your /etc/fstab before and aft
Hi Tomas,
>> When I want to start debian, it ist starting, but when I have to enter
the
>> password, the keyboard is not working and frozen.
> Which password are you talking about here? The disk encryption's
passphrase?
I am talking of the password of the encrypted partitions.
> In that case y
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Aug 25, 2015 at 09:15:14PM +0200, Hans wrote:
> Hello all, I am spending now hours for hours with a problem, which I can not
> get fixed.
[...]
> When I want to start debian, it ist starting, but when I have to enter the
> password, the ke
On 08/25/2015 12:15 PM, Hans wrote:
Hello all, I am spending now hours for hours with a problem, which I can not
get fixed. ...
I do multi-boot as follows: put my hard drives into caddies, put a
docking bay in the computer, insert one hard drive, power up into CMOS
setup, check/set the clock
Hello all, I am spending now hours for hours with a problem, which I can not
get fixed.
It would be nice, if someone has a clue. The problem I have is very special.
My environment:
I have debian on my first harddrive, with /usr and /var on an enrypted
filesystem. There are the correct entries
Hello,
Anyone knows the correct preseed and debconf commands/HD recipe in order to
encrypt a single partition with partman-crypto for an automated install? I do
not want to use LVM and I could not find any single documentation mentioning
how to do that whith wheezy.
Basically my HD partitionin
Hello,
Anyone knows the correct preseed and debconf commands/HD recipe in order to
encrypt a single partition with partman-crypto for an automated install? I do
not want to use LVM and I could not find any single documentation mentioning
how to do that whith wheezy.
Basically my HD partitionin
Richard Hector wrote:
> Bob Proulx wrote:
> > In any case... I wanted to add an additional comment. I have
> > been thinking of doing something like this myself. I haven't done
> > it yet but if I were implementing this then I think I would have
> > ...
>
> This is, like many things you post, r
.
>
> Lock the key server to the remote server's IP address. The
> machine could also block waiting for the external keys and allow
> you to acknowledge them if you wanted the extra security. After
> acknowledging them the machine would continue to boot normally.
>
> If the
Le 22/04/2013 21:24, Bob Proulx a écrit :
Again let me apologize. Sorry for the diversion down the rabbit hole. Bob
No harm done : I was not in a hurry, and I learned very interesting things.
Thnaks for the help.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subjec
those services (thus losing
> the information about their starting order) through update-rc.d
> disable (which also means each upgrade will now get polluted by
> messages saying their start runlevel are different from default) and
> starting them from my encrypted partition mounting script.
I t
g the
information about their starting order) through update-rc.d disable
(which also means each upgrade will now get polluted by messages saying
their start runlevel are different from default) and starting them from
my encrypted partition mounting script.
--
To UNSUBSCRIBE, email to debian-user
Erwan David wrote:
> Ok, here is a policy-rc.d which does not work :
Since I led you down this road I set up a test system. I have been
using policy-rc.d in chroots seemlingly forever and they definitely
work there. They definitely prevent package upgrades from starting
daemons.
invoke-rc.d:
Erwan David wrote:
> I have problems withe the documentation of poilcy-rc.d, mainly te
> fact it seems to be for the sole usage of package maintainers, not
> of administrators of the machine, (see the fact taht alternatives
> MUST be used), and that I do not understand at all what an
> out-of-runle
Erwan David wrote:
> Bob Proulx a écrit :
> >Erwan David wrote:
> >>update-rc.d dovecot disable 2
> >>reboot, indeed dovecot is not started
> >>telinit 3
> >>dovecot does not start (even if there is a Sxxdovecot in /etc/rc3.d)
> >Hmm... It should start. I just tested this on a service locally and
Le 20/04/2013 23:37, Erwan David a écrit :
I have problems withe the documentation of poilcy-rc.d, mainly te fact
it seems to be for the sole usage of package maintainers, not of
administrators of the machine, (see the fact taht alternatives MUST be
used), and that I do not understand at all wh
Le 11/04/2013 08:25, Bob Proulx a écrit :
Erwan David wrote:
2) add at the beginning of each /etc/init.d/myserv a test to stop if
the encrypted partition is not mounted
Neither of those solutions seems acceptable for me.
So if someone has an idea, I'm listening.
I would do one of two t
Le 17/04/2013 01:15, Bob Proulx a écrit :
Erwan David wrote:
update-rc.d dovecot disable 2
reboot, indeed dovecot is not started
telinit 3
dovecot does not start (even if there is a Sxxdovecot in /etc/rc3.d)
Hmm... It should start. I just tested this on a service locally and
it starts for me.
or the external keys and allow you to
acknowledge them if you wanted the extra security. After
acknowledging them the machine would continue to boot normally.
If the machine were stolen then the encrypted partition would not be
unlocked automatically since it would then come from a different IP
address.
Le 13/04/2013 01:44, Rick Thomas a écrit :
On Apr 12, 2013, at 12:56 PM, Erwan David wrote:
However, booting in level 2 then using telinit 3 do not start the
services that I setup not to start in level 2... Thus I'll switch to
policy-rd method.
I'm surprised to hear that...
What did you
On Apr 12, 2013, at 12:56 PM, Erwan David wrote:
However, booting in level 2 then using telinit 3 do not start the
services that I setup not to start in level 2... Thus I'll switch to
policy-rd method.
I'm surprised to hear that...
What did you do to test? If you can give us some detai
key and
mounting the encrypted partition switching to runlevel 3 where they
are started ?
Indeed it may also be a good solution.
Yup. I thought so too.
Enjoy!
And which method is more likely to resist a transition of debian to systemd ?
Humour?
No, a concern, because I'd like to do some
On Fri, Apr 12, 2013 at 09:53:17AM +0200, Erwan David wrote:
> On Fri, Apr 12, 2013 at 06:12:55AM CEST, Rick Thomas
> said:
> > >You mean booting in level 2, where dovecot, postgresql, etc. are
> > >not started (but ssh is), then after giving the decryption key and
>
On Fri, Apr 12, 2013 at 06:12:55AM CEST, Rick Thomas said:
> >You mean booting in level 2, where dovecot, postgresql, etc. are
> >not started (but ssh is), then after giving the decryption key and
> >mounting the encrypted partition switching to runlevel 3 where t
if
the encrypted partition is not mounted
Neither of those solutions seems acceptable for me.
So if someone has an idea, I'm listening.
I would do one of two things. Either I would remove the /etc/
rc?.d/S*
links associated with the services you don't want to start, or make
the
Le 11/04/2013 20:53, Rick Thomas a écrit :
On Apr 11, 2013, at 12:22 AM, Erwan David wrote:
On Thu, Apr 11, 2013 at 08:25:56AM CEST, Bob Proulx
said:
Erwan David wrote:
2) add at the beginning of each /etc/init.d/myserv a test to stop if
the encrypted partition is not mounted
Neither of
On Apr 11, 2013, at 12:22 AM, Erwan David wrote:
On Thu, Apr 11, 2013 at 08:25:56AM CEST, Bob Proulx
said:
Erwan David wrote:
2) add at the beginning of each /etc/init.d/myserv a test to stop if
the encrypted partition is not mounted
Neither of those solutions seems acceptable for me.
So
On Thu, Apr 11, 2013 at 08:25:56AM CEST, Bob Proulx said:
> Erwan David wrote:
> > 2) add at the beginning of each /etc/init.d/myserv a test to stop if
> > the encrypted partition is not mounted
> >
> > Neither of those solutions seems acceptable for me.
> >
&
Erwan David wrote:
> 2) add at the beginning of each /etc/init.d/myserv a test to stop if
> the encrypted partition is not mounted
>
> Neither of those solutions seems acceptable for me.
>
> So if someone has an idea, I'm listening.
I would do one of two things. Either
t manually through
service myserv start (it generally do not work in debian since
/etc/init.d.myserv will check in /etc/default wether to start service
or not)
2) add at the beginning of each /etc/init.d/myserv a test to stop if
the encrypted partition is not mounted
Neither of those solutions seems
On Wed, May 27, 2009 at 06:52:20AM +0100, Aron wrote:
> About 4 years of research I have in there so far got that gut feeling
> it's going up in smokes.
I surely hope you have backups, either not encrypted or encrypted with
something else (I use openssl).
Doug.
--
To UNSUBSCRIBE, email to d
Aron wrote:
About 4 years of research I have in there so far got that gut feeling
it's going up in smokes.
Does that imply that you have no backup of your 4 years of research?
Done all I could by no luck so looking for help.
After you boot your system, try to mount the partition manua
The title says a lot.
I'm using lenny all of a sudden the partition where I keep my data which
has been encrypted with luks gets identified by vol_id and blkid as ntfs
rather than luks_cryptofs.
While it was booting the fsck failed gave me a Ctrl+D to continue.
It even mounts automatically as
Eduardo M KALINOWSKI escreveu:
> I intend to use encrypted partitions in my new system, probably
> using dm-crypt with the suggested settings. I understand this will have
> an impact on performance, but how big it is? I'm talking about a Core 2
> Duo E8400 (@ 3.0GHz) with 2Gb of RAM. Will it be
Giorgos D. Pallas wrote:
> Eduardo M KALINOWSKI wrote:
>> I intend to use encrypted partitions in my new system, probably
>> using dm-crypt with the suggested settings. I understand this will have
>> an impact on performance, but how big it is? I'm talking about a Core 2
>> Duo E8400 (@ 3.0GHz
Eduardo M KALINOWSKI wrote:
> I intend to use encrypted partitions in my new system, probably
> using dm-crypt with the suggested settings. I understand this will have
> an impact on performance, but how big it is? I'm talking about a Core 2
> Duo E8400 (@ 3.0GHz) with 2Gb of RAM. Will it be re
Sam Kuper wrote:
> I don't know about dm-crypt performance, but you might be interested
> in seeing the TrueCrypt benchmarks posted here:
> http://www.truecrypt.org/screenshots2.ph
Interesting. It just lacks an "unencrypted" test for comparison. :-)
Those values are considerably above the maximum
2008/10/23 Eduardo M KALINOWSKI <[EMAIL PROTECTED]>
>
>I intend to use encrypted partitions in my new system, probably
> using dm-crypt with the suggested settings. I understand this will have
> an impact on performance, but how big it is? I'm talking about a Core 2
> Duo E8400 (@ 3.0GHz) with
I intend to use encrypted partitions in my new system, probably
using dm-crypt with the suggested settings. I understand this will have
an impact on performance, but how big it is? I'm talking about a Core 2
Duo E8400 (@ 3.0GHz) with 2Gb of RAM. Will it be really noticeable?
--
Eduardo M Kali
On Mon, Sep 22, 2008 at 07:22:44PM -0400, Rick Thomas wrote:
> Since top-posting is discouraged on this list, my comments are at the
> bottom of this email...
Right, but just scrolling to the bottom and typing your message is just
as bad IMO
[snip heaps of unnecessay text]
> I have the same qu
escribed.
Cheers,
Cassiano Leal
--
View this message in context: http://www.nabble.com/encrypted-
partition-question-tp19316048p19591597.html
Sent from the Debian User mailing list archive at Nabble.com.
I have the same question.
A clue can be found in /usr/share/doc/cryptsetup/README.init
t your step 3 to include all four fields in
> /etc/crypttab you will be automatically asked for the passphrase next time
> you boot the machine, so edit the file and substitute:
>
> crypt /dev/hda6
>
> for
>
> crypt /dev/hda6 none luks
>
> Save the file and reboot.
Hi Alexander,
you may want to look here for simple step by tep guide on how to
encrypt partitions with luks encryption.
http://www.linuxconfig.org/Partition_Encryption
On Sun, Sep 7, 2008 at 7:53 AM, markus reichelt <[EMAIL PROTECTED]> wrote:
>>On Thu, Sep 04, 2008 at 08:03:48PM +0200, Maciej Ko
>On Thu, Sep 04, 2008 at 08:03:48PM +0200, Maciej Korze? wrote:
>> Alexander Golovin wrote:
>>> [...]
>>> 2. Created the cryptographic device mapper: cryptsetup -y
>>> create crypt /dev/hda6 (entered passphrase twice) [...]
>>
>> cryptoloop is not the best choice:
>> http://mareichelt.de/pub/texts.
On Thu, 4 Sep 2008 17:48:34 -0300
"Cassiano Leal" <[EMAIL PROTECTED]> wrote:
> options, refer to "man /etc/crypttab"
>
> My guess is that if you correct your step 3 to include all four
> fields in /etc/crypttab you will be automatically asked for the
> passphrase next time you boot the machine, s
I've used cryptsetup with luks options, saved new data, rebooted my
system, asked about passphrase in the boot level, and now I have mounted
my crypto partition with saved data.
That's what I did step by step:
1. I've added modules: aes, dm_mod, dm_crypt, to /etc/modules
2. Created the cryptog
On Thu, Sep 4, 2008 at 5:23 PM, Alexander Golovin <[EMAIL PROTECTED]>wrote:
>
> Hi Cassiano!
Hi!
> You've written:
> "a far as I know the mapping should be recreated each time you reboot
> using /sbin/cryptsetup. We are using luks extension and at each reboot
> we need to issue cryptsetup luk
Hi Cassiano!
You've written:
"a far as I know the mapping should be recreated each time you reboot
using /sbin/cryptsetup. We are using luks extension and at each reboot
we need to issue cryptsetup luksOpen .
/etc/crypttab should make the use of this command unecessary. The
passphrase will th
On Thu, Sep 04, 2008 at 08:03:48PM +0200, Maciej Korzeń wrote:
> Alexander Golovin wrote:
>> [...]
>> 2. Created the cryptographic device mapper: cryptsetup -y create crypt
>> /dev/hda6 (entered passphrase twice)
>> [...]
>
> cryptoloop is not the best choice:
> http://mareichelt.de/pub/texts.cryp
On Thu, Sep 4, 2008 at 2:48 PM, Andrea Bicciolo <[EMAIL PROTECTED]>wrote:
> Alexander,
>
> a far as I know the mapping should be recreated each time you reboot using
> /sbin/cryptsetup. We are using luks extension and at each reboot we need to
> issue cryptsetup luksOpen .
/etc/crypttab should
Alexander Golovin wrote:
[...]
2. Created the cryptographic device mapper: cryptsetup -y create crypt
/dev/hda6 (entered passphrase twice)
[...]
cryptoloop is not the best choice:
http://mareichelt.de/pub/texts.cryptoloop.php.
:-)
--
Maciej Korzeń
[EMAIL PROTECTED], [EMAIL PROTECTED]
--
T
Alexander,
a far as I know the mapping should be recreated each time you reboot
using /sbin/cryptsetup. We are using luks extension and at each reboot
we need to issue cryptsetup luksOpen .
Then we can mount /dev/mapper/mappername.
Hope this help,
Andrea
Alexander Golovin ha scritto:
I w
On Thu, Sep 4, 2008 at 2:25 PM, Alexander Golovin <[EMAIL PROTECTED]>wrote:
>
> I was trying to encrypt my ext3 partition /dev/hda6, that's what I did:
>
> 1. I've added modules: aes, dm_mod, dm_crypt, to /etc/modules
> 2. Created the cryptographic device mapper: cryptsetup -y create crypt
> /dev
I was trying to encrypt my ext3 partition /dev/hda6, that's what I did:
1. I've added modules: aes, dm_mod, dm_crypt, to /etc/modules
2. Created the cryptographic device mapper: cryptsetup -y create crypt
/dev/hda6 (entered passphrase twice)
3. Changed this options:
echo "crypt /dev/hda6" >> /
Hi guys.
I'm wondering if there's a way I can encrypt my / partition as a
loopback encrypted filesystem and somehow use a ramdisk iamge to ask me
for the password.
What would I need to do this?
Thanks.
Tommy
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trou
> This means you've the wrong password.
>
> Common reasons are different keyboard setups or differences in the key
> generation algorithms between SuSE's twofish and cryptoapi. Take a
> SuSE-Kernel and their version of losetup and type the password on the
> console, to verify the keymapping.
I re
69 matches
Mail list logo
