Friday, September 10, 2010

how to set up crypted partition under Ubuntu 8.04 or Debian stable (5.0)

Install cryptsetup:

# apt-get install cryptsetup

Load 2 modules:

# modprobe dm-crypt 
# modprobe dm-mod

Use luks to format partition and map it to a device:

# luksformat -t ext3 /dev/sdb1
# cryptsetup luksOpen /dev/sdb1 crypteddisk

crypteddisk is a user defined name.  You can name it whatever you want.  It will be found under /dev/mapper.

I put this line in /etc/crypttab:

crypteddisk /dev/md0 none luks,noauto

I also put this line in /etc/fstab:

/dev/mapper/crypteddisk /data ext3 defaults,noauto 0 0 

Make sure you have /data/ directory and maybe prevent it to be used before being mounted by chattr +i /data.

Now you can mount your new encrypted partition by:

cryptdisk_start crypteddisk
mount /data

Note that I config fstab and crypttab in such a way that it won't automatically mount the encrypted partition at boot time.  You know why?  Thinking about when the machine you are working on is a server located in some data centre (no need to be so far away from your house).  If you set it to be auto mount, it will ask you to enter the LUKS passphrase at boot time which means you won't be able to ssh to the machine as it will just wait there forever until you enter the password lol


Post a Comment