# apt-get install cryptsetup
Load 2 modules:
# modprobe dm-crypt
# modprobe dm-mod
Use LUKS to format the partition and map it to a device:
# luksformat -t ext3 /dev/sdb1
# cryptsetup luksOpen /dev/sdb1 crypteddisk
crypteddisk is a user-defined name. You can name it whatever you want. It will be found under /dev/mapper.
I put this line in /etc/crypttab:
crypteddisk /dev/md0 none luks,noauto
I also put this line in /etc/fstab:
/dev/mapper/crypteddisk /data ext3 defaults,noauto 0 0
Make sure the /data directory exists, and consider preventing it from being used before the partition is mounted by running chattr +i /data.
Now you can mount your new encrypted partition by:
cryptdisk_start crypteddisk
mount /data
Note that I configured fstab and crypttab so that the encrypted partition is not mounted automatically at boot time. You know why? Think about the case where the machine you are working on is a server located in some data centre (it need not be far from your house). If you set it to mount automatically, it will ask you to enter the LUKS passphrase at boot time, which means you won't be able to ssh to the machine, as it will just wait there forever until you enter the password lol
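A check for the boot-time problem described above, as an added example that is not part of the original post: it scans a crypttab and an fstab for entries that lack noauto. The sample files are constructed; "scratch", /dev/sdc1 and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): find entries that would stall an
# unattended boot waiting for a LUKS passphrase.

# Print crypttab targets that prompt on the console at boot: key field "none"
# (or missing) and no "noauto" option.
crypttab_prompts_at_boot() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            noauto = 0
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == "noauto") noauto = 1
            if (($3 == "none" || $3 == "") && !noauto) print $1
        }' "$1"
}

# Print fstab mount points on /dev/mapper/NAME that lack "noauto", i.e. mounts
# attempted at boot even though the mapping may not be open yet.
fstab_automounts() {
    awk -v dev="/dev/mapper/$2" '
        /^[ \t]*(#|$)/ { next }
        $1 == dev {
            noauto = 0
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == "noauto") noauto = 1
            if (!noauto) print $2
        }' "$1"
}

# Constructed sample files: "crypteddisk" matches the post, "scratch" is a
# made-up entry that omits noauto in both files.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/crypttab" <<'EOF'
# <target> <source device> <key file> <options>
crypteddisk /dev/md0 none luks,noauto
scratch /dev/sdc1 none luks
EOF
cat > "$demo_dir/fstab" <<'EOF'
/dev/mapper/crypteddisk /data ext3 defaults,noauto 0 0
/dev/mapper/scratch /scratch ext3 defaults 0 0
EOF

echo "prompt at boot: $(crypttab_prompts_at_boot "$demo_dir/crypttab")"
echo "auto-mounted:   $(fstab_automounts "$demo_dir/fstab" scratch)"
```

On a real machine, point the two functions at /etc/crypttab and /etc/fstab before rebooting a server you can only reach over ssh.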