Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora User (http://www.linux-archive.org/fedora-user/)
-   -   trying encrypted partition: a "doh!" question (http://www.linux-archive.org/fedora-user/398376-trying-encrypted-partition-doh-question.html)

"H.S." 07-13-2010 12:35 AM

trying encrypted partition: a "doh!" question
 
I recently installed Fedora 13 on a dual boot system. This time,
however, I opted to have my /home in Fedora encrypted. Anaconda gave
this option, I selected it and it asked for a password. Now when I boot
into F13, the boot process asks for the password before continuing. So
far so good.

However, when boot in to the other OS (Debian), I can mount Fedora's
/home partition without any problems and without any password. All files
are visible there. What am I missing that F13's /home is not seen as
encrypted from another OS?

Thanks.
--

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

"H.S." 07-13-2010 02:12 AM

trying encrypted partition: a "doh!" question
 
On 12/07/10 08:35 PM, H.S. wrote:
>
> I recently installed Fedora 13 on a dual boot system. This time,
> however, I opted to have my /home in Fedora encrypted. Anaconda gave
> this option, I selected it and it asked for a password. Now when I boot
> into F13, the boot process asks for the password before continuing. So
> far so good.
>
> However, when boot in to the other OS (Debian), I can mount Fedora's
> /home partition without any problems and without any password. All files
> are visible there. What am I missing that F13's /home is not seen as
> encrypted from another OS?
>
> Thanks.

It surely was a "doh!" question! While writing down all the UUIDs and
mapper devices, I messed up the mounting of older Fedora installation
(F9) and the newer one (F13). I was looking at F9's home while mounted
on a mountpoint meant for the newer one. Fixed the mount point and now I
get the following error when I try to mount F13's encrypted /home
partition from my other Linux OS:
mount: wrong fs type, bad option, bad superblock on /dev/mapper/vg1-lv9,
missing codepage or helper program, or other error
In some cases useful info is found in syslog - try
dmesg | tail or so

Now I am looking for how to specify the encrypted partition in Debian's
fstab so that I can mount it from within Debian.

Regards.

--

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Michael Cronenworth 07-13-2010 02:19 AM

trying encrypted partition: a "doh!" question
 
On 07/12/2010 09:12 PM, H.S. wrote:
> Now I am looking for how to specify the encrypted partition in Debian's
> fstab so that I can mount it from within Debian.
>

You will need to setup /etc/crypttab in your Debian installation and you
will still need to input your passphrase upon mount (well, before mount,
during cryptsetup luksOpen). If you do not want to use a passphrase then
you will need to create a luks key and add it to your encrypted
partition. Then you should be able to use the key to mount without being
prompted. Defeats the purpose of needing external authentication though
unless you have the key on a USB drive or something else that is protected.


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

"H.S." 07-13-2010 04:32 AM

trying encrypted partition: a "doh!" question
 
On 12/07/10 10:19 PM, Michael Cronenworth wrote:
> On 07/12/2010 09:12 PM, H.S. wrote:
>> Now I am looking for how to specify the encrypted partition in Debian's
>> fstab so that I can mount it from within Debian.
>>
>
> You will need to setup /etc/crypttab in your Debian installation and you
> will still need to input your passphrase upon mount (well, before mount,

Just did this. Installed cryptsetup package. Created the entry in
/etc/cryptab:
crypthomefedora UUID=<uuid here> none luks

Created the relevant line in /etc/fstab:
/dev/mapper/crypthomefedora /media/homefedora ext4 defaults 1 2

Now when I boot into Debian, it asks for the password. I enter it and it
continues to boot. I am able to read F13's home mounted on
/media/homefedora when I am in Debian.


> during cryptsetup luksOpen). If you do not want to use a passphrase then
> you will need to create a luks key and add it to your encrypted
> partition. Then you should be able to use the key to mount without being
> prompted. Defeats the purpose of needing external authentication though
> unless you have the key on a USB drive or something else that is protected.

I have started with encrypted partitions only yesterday when I installed
F13. So this encrypted hard disk stuff is all new to me. I appreciate
your comments. I will look into using a USB flash memory to store my
keys. I agree regarding the disadvantage of having the keys on the hard
disk itself though.

Thanks,
sincerely.



--

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Bill Davidsen 07-14-2010 09:18 PM

trying encrypted partition: a "doh!" question
 
H.S. wrote:
> On 12/07/10 10:19 PM, Michael Cronenworth wrote:
>> On 07/12/2010 09:12 PM, H.S. wrote:
>>> Now I am looking for how to specify the encrypted partition in Debian's
>>> fstab so that I can mount it from within Debian.
>>>
>> You will need to setup /etc/crypttab in your Debian installation and you
>> will still need to input your passphrase upon mount (well, before mount,
>
> Just did this. Installed cryptsetup package. Created the entry in
> /etc/cryptab:
> crypthomefedora UUID=<uuid here> none luks
>
> Created the relevant line in /etc/fstab:
> /dev/mapper/crypthomefedora /media/homefedora ext4 defaults 1 2
>
> Now when I boot into Debian, it asks for the password. I enter it and it
> continues to boot. I am able to read F13's home mounted on
> /media/homefedora when I am in Debian.
>
>
>> during cryptsetup luksOpen). If you do not want to use a passphrase then
>> you will need to create a luks key and add it to your encrypted
>> partition. Then you should be able to use the key to mount without being
>> prompted. Defeats the purpose of needing external authentication though
>> unless you have the key on a USB drive or something else that is protected.
>
> I have started with encrypted partitions only yesterday when I installed
> F13. So this encrypted hard disk stuff is all new to me. I appreciate
> your comments. I will look into using a USB flash memory to store my
> keys. I agree regarding the disadvantage of having the keys on the hard
> disk itself though.
>
So far, my only issue has been that the system doesn't want to boot without the
password, not good for a server when the protected filesystem isn't needed to
run (such as source or docs, contact info, etc). I attempted to "solve" this by
using "noauto,user" so I could hand mount it, or putting it into automount,
neither of which worked properly with fc11 where I tried it first.

--
Bill Davidsen <davidsen@tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

"H.S." 07-14-2010 09:30 PM

trying encrypted partition: a "doh!" question
 
On 14/07/10 05:18 PM, Bill Davidsen wrote:
> So far, my only issue has been that the system doesn't want to boot without the
> password, not good for a server when the protected filesystem isn't needed to
> run (such as source or docs, contact info, etc). I attempted to "solve" this by
> using "noauto,user" so I could hand mount it, or putting it into automount,
> neither of which worked properly with fc11 where I tried it first.
>

Yes, exact my views as well. For now I see a laptop as the best place to
use this tool, not a server. In my case, I have a server in which I have
set the BIOS power option to be what it was before a power failure. That
won't work if I have an encrypted partition and I am not around when a
power failure occurs (this is at my home, no UPS).

Doesn't mount or fstab help in this in some way in the sense that the
password is asked only when the filesystem is mounted? Then the
filesystem can be made to not mount on boot (while having a separate
partition for private data). Perhaps it is work under progress, or
perhaps it can be done and I just don't know about it yet (I have just
started to learn and use this tool).


--

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


All times are GMT. The time now is 12:08 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.