#1 2009-11-04 12:45:32

Floh1111
Member
Registered: 2009-11-04
Posts: 14

Mounting an encrypted DM-Crypt/LUKS partition at KDM login

Hi,

I know that it is possible to mount an encrypted partition at KDM login with PAM but I don't know how.
I would like to mount my /home partition with the same password which I use to log in at KDM.

Can you give me a short instruction please?

Floh1111

Offline

#2 2009-11-04 15:45:38

jithin1987
Member
From: Bangalore
Registered: 2009-09-12
Posts: 182

Re: Mounting an encrypted DM-Crypt/LUKS partition at KDM login

I think you are looking for eCryptfs: http://wiki.archlinux.org/index.php/Sys … h_eCryptfs. It has PAM for auto mounting.
Another link: http://sysphere.org/~anrxc/j/articles/e … index.html.

This is the dm-crypt documentation: http://wiki.archlinux.org/index.php/Sys … r_dm-crypt


Thanks
Jithin

Offline

#3 2009-11-04 16:26:11

vacant
Member
From: downstairs
Registered: 2004-11-05
Posts: 801

Re: Mounting an encrypted DM-Crypt/LUKS partition at KDM login

What are you trying to achieve (and how paranoid are you ;) )? Do you want to dismount /home when you log out? Do you encrypt swap and/or temp files?

The reason I ask is that I have a slightly different approach. When I boot I am prompted for a password to open my luks-encrypted partition. I have a strong password, the partition is large and contains logical volumes for / , /home, /swap, /tmp.

KDM is set up to log me in automatically so when I boot I enter one password and get straight to my desktop. My Linux user password is a single character for when I lock the screen.

The idea is if the laptop is ever stolen then my stuff is safe. It is powered off when not in use.

Offline

#4 2009-11-05 11:26:21

Floh1111
Member
Registered: 2009-11-04
Posts: 14

Re: Mounting an encrypted DM-Crypt/LUKS partition at KDM login

My setup looks like this:
I have an encrypted /dev/sdb4 which is mapped to /dev/mapper/home. This mapper is mounted on /home in the root filesystem.
So I have an encrypted /home partition. No encrypted swap, no encrypted root (I'm not that paranoid ;) ).

Currently I'm mounting /dev/mapper/home on bootup in /etc/fstab so that I'm asked for my passphrase at bootup.
I want to modify this setup so that I mount /dev/mapper/home when I log in at KDM and not at bootup.
The password that I use for login is the same as the password I use for /dev/mapper/home.
I want to use my login password to mount the /dev/mapper/home partition when I log in with KDM.

Hope this is a bit more understandable.

Offline

#5 2011-01-13 14:57:19

dpc.ucore.info
Member
Registered: 2010-12-27
Posts: 14

Re: Mounting an encrypted DM-Crypt/LUKS partition at KDM login

I have a similar problem so I will post it here.

I have a home on /dev/sda4 which is mapped to /dev/mapper/home (similar to the OP). I want to be able to SSH to the machine after powering up and mount /home manually. I don't want the system to stop at the very beginning of booting to ask for the password. But still - when I'm near the computer I'd like to be asked for the home encryption password on the console.

So basically I just want the mapping/mounting to happen at a different point during boot.

Last edited by dpc.ucore.info (2011-01-13 14:58:52)

Offline

#6 2011-01-19 12:42:16

dpc.ucore.info
Member
Registered: 2010-12-27
Posts: 14

Re: Mounting an encrypted DM-Crypt/LUKS partition at KDM login

So here goes my hack / solution:

Instead of adding the device to /etc/crypttab:

/home must be marked noauto in /etc/fstab.

# cat /etc/rc.d/home
#!/bin/bash

# Arch initscripts helpers: stat_busy, stat_done, stat_fail, add_daemon, rm_daemon
. /etc/rc.conf
. /etc/rc.d/functions

DEV="/dev/sda4"                      # encrypted LUKS partition
MAPPER="home"                        # device-mapper name
MAPPER_PATH="/dev/mapper/$MAPPER"
MOUNT_PATH="/home"

case "$1" in
  start)
    stat_busy "Mounting $MOUNT_PATH"
    # Keep prompting (one try, 20 s timeout per prompt) until the mapping exists
    while [ ! -e "$MAPPER_PATH" ]; do
      cryptsetup -T 1 -t 20 luksOpen "$DEV" "$MAPPER"
    done
    fsck "$MAPPER_PATH" && mount "$MAPPER_PATH" "$MOUNT_PATH"
    if [ $? -gt 0 ]; then
      stat_fail
    else
      add_daemon home
      stat_done
    fi
    ;;
  stop)
    stat_busy "Unmounting $MOUNT_PATH"
    # Remove the mapping only after a successful unmount; luksClose takes the mapping name
    umount "$MOUNT_PATH" && cryptsetup luksClose "$MAPPER"
    if [ $? -gt 0 ]; then
      stat_fail
    else
      rm_daemon home
      stat_done
    fi
    ;;
  restart)
    $0 stop
    sleep 1
    $0 start
    ;;
  *)
    echo "usage: $0 {start|stop|restart}"
    ;;
esac
exit 0

Last edited by dpc.ucore.info (2011-01-19 12:55:56)

Offline
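A variant of the unlock/mount logic from post #6, as an added example that is not part of the thread: it caps the number of passphrase prompts, treats fsck exit status 1 (errors corrected) as mountable, mounts with nosuid,nodev, and closes the mapping again if the mount fails so the volume key does not stay loaded. MAX_ROUNDS, the function names and the CRYPTSETUP/FSCK/MOUNT/UMOUNT override variables are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the thread. DEV, MAPPER and MOUNT_PATH mirror
# post #6; MAX_ROUNDS and the CRYPTSETUP/FSCK/MOUNT/UMOUNT overrides are assumptions.
DEV="${DEV:-/dev/sda4}"
MAPPER="${MAPPER:-home}"
MOUNT_PATH="${MOUNT_PATH:-/home}"
MAX_ROUNDS="${MAX_ROUNDS:-5}"          # passphrase prompts before giving up
CRYPTSETUP="${CRYPTSETUP:-cryptsetup}"
FSCK="${FSCK:-fsck}"
MOUNT="${MOUNT:-mount}"
UMOUNT="${UMOUNT:-umount}"

# "cryptsetup status" exits 0 only while the mapping is active.
mapping_active() { $CRYPTSETUP status "$MAPPER" >/dev/null 2>&1; }

# 0 = mounted, 1 = gave up unlocking, 2 = not a LUKS device, 3 = fsck/mount failed
home_start() {
    $CRYPTSETUP isLuks "$DEV" || return 2
    round=0
    until mapping_active; do
        [ "$round" -lt "$MAX_ROUNDS" ] || return 1
        round=$((round + 1))
        # One prompt per round with a 20 s timeout; a wrong or missing
        # passphrase simply leads to the next round.
        $CRYPTSETUP -T 1 -t 20 luksOpen "$DEV" "$MAPPER" || true
    done
    # fsck exit status 1 means "errors corrected", which is still safe to mount.
    fsck_rc=0
    $FSCK "/dev/mapper/$MAPPER" || fsck_rc=$?
    [ "$fsck_rc" -le 1 ] && $MOUNT -o nosuid,nodev "/dev/mapper/$MAPPER" "$MOUNT_PATH" && return 0
    # Do not leave the volume key loaded for a filesystem that is not mounted.
    $CRYPTSETUP luksClose "$MAPPER"
    return 3
}

# 0 = unmounted and mapping removed, 1 = still mounted or mapping still active
home_stop() {
    $UMOUNT "$MOUNT_PATH" || return 1
    $CRYPTSETUP luksClose "$MAPPER" || return 1
    ! mapping_active
}

case "${1:-}" in
    start) home_start ;;
    stop)  home_stop ;;
esac
```
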

#7 2012-08-13 15:07:24

azhezhel
Member
Registered: 2012-05-06
Posts: 2

Re: Mounting an encrypted DM-Crypt/LUKS partition at KDM login

Something like this will be more friendly for an SSH user:

...
chsh -s "/bin/conspy.sh" root
while [ ! -e "$MAPPER_PATH" ]; do
    cryptsetup -T 1 -t 20 luksOpen "$DEV" "$MAPPER"
done
chsh -s "/bin/bash" root
...

/bin/conspy.sh

#!/bin/sh
#
/usr/bin/conspy 1

conspy should be installed

Last edited by azhezhel (2012-08-13 19:04:20)

Offline
