You are not logged in.
- Topics: Active | Unanswered
#1 2009-08-24 19:53:03
- l33tunderground
- Banned
- Registered: 2007-05-09
- Posts: 103
Automounting LUKS Encrypted External HDD
Hello, everyone.
I'm doing my bi-annual migration away from GNOME, and the only thing that is giving me any pause is the automounting of encrypted external volumes. gnome-mount interfaces with HAL very well and prompts the user for the passphrase before mounting the device. However, there seem to be few other programs that can do something similar. pmount will prompt, but that requires me to execute the pmount command and I'm trying to automate the process.
Currently, I have an external USB HDD that is encrypted with LUKS using cryptsetup. It has an ext3 filesystem on it. After performing
# cryptsetup luksOpen /dev/sdc1 EHDDeverything is properly mapped to /dev/mapper/EHDD and I can mount it using the mount command. However, that is still not automated, and requires me to both unmount and luksClose the device before removing it. (If I do not do that, the device name /dev/sd[x]1 is not preserved.)
It seems like I might be able to use autofs to accomplish the goal, but I don't know how to make autofs automate the task of luksOpen and luksClose.
Can anyone provide insight?
Offline
#2 2009-08-24 20:16:56
- l33tunderground
- Banned
- Registered: 2007-05-09
- Posts: 103
Re: Automounting LUKS Encrypted External HDD
I think I'm getting closer. I've added a UDEV rule so that my HDD is always mapped to /dev/EHDD. This allows autofs to always be able to reliably locate it. However, even though /dev/mapper/EHDD now points to /dev/EHDD, I still am not able to repeatedly mount the drive without performing a luksClose and luksOpen first. Any ideas on automating this process?
Offline
#3 2009-08-24 22:05:29
- l33tunderground
- Banned
- Registered: 2007-05-09
- Posts: 103
Re: Automounting LUKS Encrypted External HDD
I got so close, but something seems to be stopping me just an inch away from my goal. I set up a udev rule to try to run cryptsetup when the device was added, but for some reason it would not work. The command was (insecure, I know)
ACTION=="add", ATTRS{serial}=="SERIALNUMBER", RUN+="/bin/echo 'THEPASSPHRASE' | /usr/sbin/cryptsetup luksOpen /dev/%k EHDD"I've tried many different variations of that command, which I've tested in the console and I know works.
I've read a couple things about a possible bug in udev with regard to cryptsetup, but I'm not sure exactly how old they were or if they were even valid. Can anyone provide more information? I'm almost at the end of my ability to keep working towards this.
Last edited by l33tunderground (2009-08-24 22:06:32)
Offline
#4 2009-10-13 06:01:58
- akephalos
- Member
- From: Romania
- Registered: 2009-04-22
- Posts: 114
Re: Automounting LUKS Encrypted External HDD
I have the feeling that HAL something would help. I'm trying (with no luck so far) to make HAL map the device, they say it supports krypto.
Without GNOME, the symptoms are:
- plugged external HDD with LUKS partitions: nothing happens, I only see them in /dev/sdbN
- inserted LUKS encrypted DVD - HAL error dialog:'Failed to mount "/org/freedesktop/Hal/devices/volume_uuid_...". Given device "/org/freedesktop/Hal/devices/volume_uuid_..." is not a volume or drive.'
If someone would understand something from this.
Any luck meantime, l33tunderground?
Offline
#5 2009-10-15 18:57:10
- tailor
- Member
- Registered: 2008-01-14
- Posts: 7
Re: Automounting LUKS Encrypted External HDD
Hi!
I am having some problems with luks, too. On my machine, the automount tool of KDE reports USB connected disks. Works like a charm for unencrypted ones. I have an encrypted hard disk which I can mount from console just the normal way: First map to /dev/mapper via cryptsetup, second mount the loop device. So far, so good.
When I try to load the disk with the automount tool, I am asked for a password - wrong entry is reported, correct entry is accepted. But my file manager tells me "incorrect protocol" (Dolphin actually). Looking the disk up on the file system, I see that it has been mapped to /dev/mapper/luks-... but the loop device was not mounted.
Does anyone know anything about this? I have deleted all custom udev rules from etc. I do not have partitions on the drive, just plain /dev/sdb, could that raise some problems with automounting?
l33tunderground: What is your problem with the gnome automounter? I guess I missed your point. Do you just don't like it? BTW, I had some custom udev rules which prevented automounting at all from KDE, so perhaps this is also a problem in your case.
Offline
#6 2009-10-16 14:59:01
- hungerfish
- Member
- Registered: 2009-09-13
- Posts: 254
Re: Automounting LUKS Encrypted External HDD
tailor, I'm not sure about the automount stuff, but is your pass-phrase being accepted? I mean, when you do it manually?
Because, I've been having problems with cryptsetup since I installed devicekit (along with gnome2.28) which also gives me an 'automount' scheme...
Basically it boils down to that my pass-phrase only randomly gets accepted and the drive unlocks, no matter if I do it manually, use a script or use gnome's automounting feature.
I'm also not the only one having troubles... See http://bbs.archlinux.org/viewtopic.php?id=81795
EDIT: Solution for my problem , see:
http://bugs.archlinux.org/task/16735
Last edited by hungerfish (2009-10-21 15:06:48)
Beetles and bacteria are vastly more successful than humans in terms of survival.
Offline