davidm Guru
Joined: 26 Apr 2009 Posts: 557 Location: US
|
Posted: Thu Nov 12, 2015 11:10 pm Post subject: Have to enter my password 4 times with LUKS / btrfs array |
|
|
Hello I changed my setup around and I will briefly show what I have first as it makes sense.
/dev/sdb1 ----- unencrypted ext4 boot partition, non-lvm [auto mounted]
/dev/sdb2 ----- physical primary partition housing Luks on LVM
-------- Luks
---------------------LVM
--------------------------------root (ext4) [auto mounted]
-------------------------------swap (ext4) [auto mounted]
/dev/sde1 --------------- LUKS encrypted backup partition, no LVM (ext4) [mounted manually]
****** Everything above is currently working fine. Below is the problem *********
Btrfs array on LUKS (no-LVM) [auto mounted]
3 disk btrfs raid1 array ---- "data1"
/dev/sda1 ------ btrfs raid1 array
/dev/sdc1 ------ btrfs raid1 array
/dev/sdd1 ------ btrfs raid1 array
Systemd. Genkernel-next (only for initramfs) and kernel 4.3 (custom compiled) currently (but again the boot, swap and root functionality is fine. It's the separate btrfs array which is an auxiliary array that is the problem).
* All LUKS drives use password based security and all but /dev/sde1 (the backup drive) use the same password. *
Here's the issue. Everything tries to automount but I get asked for a password four different times in succession. First for /dev/sdb2 then for the btrfs array with /dev/sda1, /dev/sdc1, /dev/sdd1. Again, all passwords the same.
According to my research systemd is supposed to try the same password for the other drives automatically. I wouldn't necessarily mind having to enter it twice (though once would be great) -- once for the LUKS lvm array housing root and swap and then again once for the btrfs array. But instead it's requiring it for all four separately.
How can I get it to do this without using a separate key file based security (I'd like to stick with just passwords if possible)?
Here are my /etc/crypttab and /etc/fstab files:
/etc/crypttab: (uuids slightly redacted for privacy)
Code: |
encrypted1 /dev/sde1 none luks,timeout=180,nofail,noauto
enc1 UUID=812f8d46-xxxx-42ff-bc28-b70f75f9fe40 none luks,auto
enc2 UUID=967e9d24-xxxx-4d2f-9674-0391bb0c12a2 none luks,auto
enc3 UUID=7dc3a05f-xxxx-4815-8010-b8ecb467669e none luks,auto
|
/etc/fstab: (uuids slightly redacted for privacy)
Code: |
/dev/cdrom /mnt/cdrom auto noauto,ro 0 0
/dev/sdb1 /boot ext4 defaults,noatime,auto 0 2
/dev/ext4encrypted/rootvol / ext4 defaults,noatime,auto 0 1
/dev/ext4encrypted/swapvol none swap defaults,nofail,noatime 0 0
/dev/mapper/encrypted1 /mnt/encrypted1 ext4 defaults,noatime,noauto,nofail 0 0
UUID=1727639a-xxxx-4745-a959-85270093bbf5 /mnt/data1 btrfs rw,auto,autodefrag,compress=lzo,noatime,nofail 0 0
|
Systemd version / use flags:
Code: |
Installed versions: 226-r1(12:22:24 AM 11/12/2015)(acl cryptsetup kdbus kmod lz4 pam policykit seccomp ssl -apparmor -audit -curl -elfutils -gcrypt -gnuefi -http -idn -importd -lzma -nat -qrcode -selinux -sysv-utils -test -vanilla -xkb ABI_MIPS="-n32 -n64 -o32" ABI_PPC="-32 -64" ABI_S390="-32 -64" ABI_X86="64 -32 -x32")
|
Thank you for any hints! Entering the same password four times is getting a little old. |
|
Syl20 l33t
Joined: 04 Aug 2005 Posts: 619 Location: France
|
Posted: Fri Nov 13, 2015 12:12 pm Post subject: |
|
|
As the four password questions are made by four different (even same) tasks, the only method I see is putting your password in an area (File? Pipe? Another way?) accessible by all the processes that need it. Very insecure, even if the area in question is temporary...
You can add a keyfile decryption for the three last volumes, and put the file in the first, for example. |
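Added example (not part of either post, and not code from any project): one way to carry out the key-file approach Syl20 describes, with the key stored on the already-unlocked root volume. The path `/etc/keys/data1.key` and the function names are assumptions; the device and mapping names are the ones in davidm's crypttab, and it assumes the array is unlocked from `/etc/crypttab` after root is mounted.

```shell
#!/bin/sh
# Added example: function names and KEYFILE are assumptions, not from the thread.
KEYFILE=/etc/keys/data1.key   # hypothetical path on the LUKS-encrypted root

# make_keyfile PATH: write 4096 random bytes, readable by the owner only.
make_keyfile() {
    ( umask 077                       # never group/world readable, even briefly
      mkdir -p "$(dirname "$1")" &&
      dd if=/dev/urandom of="$1" bs=512 count=8 2>/dev/null &&
      chmod 0400 "$1" )
}

# enroll_keyfile DEVICE PATH: add the key file to a free LUKS key slot.
# cryptsetup asks for the existing passphrase, which stays valid afterwards.
enroll_keyfile() {
    cryptsetup luksAddKey "$1" "$2"
}

# crypttab_use_keyfile PATH NAME...: filter a crypttab on stdin, replacing the
# key field (3rd column) with PATH for the named mappings only.
crypttab_use_keyfile() {
    key=$1; shift
    awk -v key="$key" -v names="$*" '
        BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        /^[[:space:]]*#/ || NF < 2 { print; next }   # keep comments and blanks
        ($1 in want) { print $1, $2, key, (NF >= 4 ? $4 : "luks"); next }
        { print }'
}

# keyfile_is_private PATH: succeed only if the mode is 0400 or 0600 (GNU stat).
keyfile_is_private() {
    case "$(stat -c %a "$1" 2>/dev/null)" in
        400|600) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage (as root): create the key, enroll it on each array member, then
# write a new table and review it before replacing /etc/crypttab:
#   make_keyfile "$KEYFILE"
#   for d in /dev/sda1 /dev/sdc1 /dev/sdd1; do enroll_keyfile "$d" "$KEYFILE"; done
#   crypttab_use_keyfile "$KEYFILE" enc1 enc2 enc3 < /etc/crypttab > /etc/crypttab.new
```

The passphrase slot stays enrolled on each device, so the array can still be opened by hand if the key file is lost. The key file is only as protected as the root volume that holds it.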
|
frostschutz Advocate
Joined: 22 Feb 2005 Posts: 2977 Location: Germany
|
Posted: Fri Nov 13, 2015 12:49 pm Post subject: Re: Have to enter my password 4 times with LUKS / btrfs arra |
|
|
davidm wrote: | According to my research systemd is supposed to try the same password for the other drives automatically. |
I've heard that too, not sure if it is the standard behaviour of systemd, or just a property of some specific distro's initramfs. In the latter case you'd have to investigate how this can be done with genkernel-next.
Quote: | How can I get it to do this without using a separate key file based security (I'd like to stick with just passwords if possible) |
I don't have systemd, but several LUKS containers which I open with just one password.
More specifically, the password opens a LUKS container which in turn contains the keys for all other LUKS containers.
Basically it's this method: https://wiki.gentoo.org/wiki/Custom_Initramfs#Encrypted_keyfile |
|