Operating Systems Linux Red Hat Partition encryption without prompting passwords. Post 302434232 by Hari_Ganesh on Friday 2nd of July 2010 01:19:17 AM
Old 07-02-2010
Partition encryption without prompting passwords.

Hi Gurus,

I have been working on encrypting a partition in a Fedora box and have successfully encrypted a partition (by name /test) using "cryptsetup & luks".

The below command was put up in a runcontrol file which is called during bootup to automount them during bootup.

Code:
cat /etc/rc5.d/S75my.luks
echo <password> | cryptsetup luksOpen /dev/sda8 test
mount -t ext3 /dev/mapper/test test

I have put the password in the startup file as I don't want to be prompted for a password every time I boot up.

I understand that this methodology breaks the very purpose for which I have encrypted the partition. But this is a necessity as I am looking at putting this up for a new release and I don't want my customers to be prompted for a password and yet have the security of having an encrypted partition which cannot be decrypted if the Hard Disk is stolen.

1. Is there a way I can link this file to the hardware so that this script will run only if the Hard disk is found in the same machine? (Something like checking against the serial number of the motherboard)
2. Is there another way I can avoid prompting of password and yet ensure that the Hard disk cannot be decrypted when stolen?





Note - I also understand that anybody who has a crack at the Hard disk can go into the runcontrol file and have a look at the logic. But I am short of better ideas and badly need some light. Please help.


Thanks
HG
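
An audit check for the pattern in the post above, as an added example that is not part of the original post: it flags boot scripts that unlock a LUKS volume with a secret stored next to the data it protects. The function names, the sample file names other than S75my.luks, and /etc/test.key are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: flag boot scripts that unlock a
# LUKS volume with a secret stored beside the data it protects.

# "echo|printf <secret> | cryptsetup ... luksOpen|open"
PIPE_RE='(echo|printf)[ \t]+[^|]+[|][ \t]*(/[^ \t]*/)?cryptsetup[ \t].*(luksOpen|open)'
# "cryptsetup ... --key-file FILE" or "-d FILE"
KEY_RE='cryptsetup[ \t].*[ \t](--key-file|-d)[ \t=]'

# audit_boot_script FILE
# Prints one "FILE:LINE: finding" per hit; exit status 1 if anything was flagged.
audit_boot_script() {
    awk -v f="$1" -v pipe_re="$PIPE_RE" -v key_re="$KEY_RE" '
        /^[ \t]*#/ { next }                      # comment lines are not executed
        $0 ~ pipe_re {
            printf "%s:%d: passphrase passed inline to cryptsetup\n", f, NR
            bad = 1; next
        }
        $0 ~ key_re {
            printf "%s:%d: key file in use, check it is not on the same disk\n", f, NR
            bad = 1
        }
        END { exit bad + 0 }' "$1"
}

# Constructed samples: the script from the post (placeholder secret), a
# key-file variant, and a script that lets cryptsetup prompt.
make_samples() {
    printf '%s\n' 'echo PLACEHOLDER | cryptsetup luksOpen /dev/sda8 test' \
        'mount -t ext3 /dev/mapper/test test' > "$1/S75my.luks"
    printf '%s\n' 'cryptsetup luksOpen --key-file /etc/test.key /dev/sda8 test' \
        > "$1/S76keyfile"
    printf '%s\n' '# echo x | cryptsetup luksOpen /dev/sda8 test' \
        'cryptsetup luksOpen /dev/sda8 test' > "$1/S77prompt"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for script in "$demo_dir"/S*; do
    audit_boot_script "$script" || true
done
rm -rf "$demo_dir"
```

File permissions on the script are not checked because they do not matter once the disk can be read offline, which is the theft case the post is concerned with.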
 

SYSTEMD-CRYPTSETUP-GENERATOR(8)    systemd-cryptsetup-generator    SYSTEMD-CRYPTSETUP-GENERATOR(8)

NAME
       systemd-cryptsetup-generator - Unit generator for /etc/crypttab

SYNOPSIS
       /lib/systemd/system-generators/systemd-cryptsetup-generator

DESCRIPTION
       systemd-cryptsetup-generator is a generator that translates /etc/crypttab into native systemd units early at boot and when configuration of the system manager is reloaded. This will create systemd-cryptsetup@.service(8) units as necessary.

       systemd-cryptsetup-generator implements systemd.generator(7).

KERNEL COMMAND LINE
       systemd-cryptsetup-generator understands the following kernel command line parameters:

       luks=, rd.luks=
           Takes a boolean argument. Defaults to "yes". If "no", disables the generator entirely. rd.luks= is honored only by initial RAM disk (initrd) while luks= is honored by both the main system and the initrd.

       luks.crypttab=, rd.luks.crypttab=
           Takes a boolean argument. Defaults to "yes". If "no", causes the generator to ignore any devices configured in /etc/crypttab (luks.uuid= will still work however). rd.luks.crypttab= is honored only by initial RAM disk (initrd) while luks.crypttab= is honored by both the main system and the initrd.

       luks.uuid=, rd.luks.uuid=
           Takes a LUKS superblock UUID as argument. This will activate the specified device as part of the boot process as if it was listed in /etc/crypttab. This option may be specified more than once in order to set up multiple devices. rd.luks.uuid= is honored only by initial RAM disk (initrd) while luks.uuid= is honored by both the main system and the initrd.

           If /etc/crypttab contains entries with the same UUID, then the name, keyfile and options specified there will be used. Otherwise, the device will have the name "luks-UUID".

           If /etc/crypttab exists, only those UUIDs specified on the kernel command line will be activated in the initrd or the real root.

       luks.name=, rd.luks.name=
           Takes a LUKS super block UUID followed by an "=" and a name. This implies rd.luks.uuid= or luks.uuid= and will additionally make the LUKS device given by the UUID appear under the provided name.

           rd.luks.name= is honored only by initial RAM disk (initrd) while luks.name= is honored by both the main system and the initrd.

       luks.options=, rd.luks.options=
           Takes a LUKS super block UUID followed by an "=" and a string of options separated by commas as argument. This will override the options for the given UUID.

           If only a list of options, without an UUID, is specified, they apply to any UUIDs not specified elsewhere, and without an entry in /etc/crypttab.

           rd.luks.options= is honored only by initial RAM disk (initrd) while luks.options= is honored by both the main system and the initrd.

       luks.key=, rd.luks.key=
           Takes a password file name as argument or a LUKS super block UUID followed by a "=" and a password file name.

           For those entries specified with rd.luks.uuid= or luks.uuid=, the password file will be set to the one specified by rd.luks.key= or luks.key= of the corresponding UUID, or the password file that was specified without a UUID.

           rd.luks.key= is honored only by initial RAM disk (initrd) while luks.key= is honored by both the main system and the initrd.

SEE ALSO
       systemd(1), crypttab(5), systemd-cryptsetup@.service(8), cryptsetup(8), systemd-fstab-generator(8)

systemd 237                                                        SYSTEMD-CRYPTSETUP-GENERATOR(8)
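
The parameter rules above, worked through as an added example (not systemd code and not part of the manual page): a resolver that turns a kernel command line into one "UUID NAME KEY" line per device, so a reviewer can see which volumes would unlock from a key file without a prompt. It models the initrd view, assumes /etc/crypttab has no entry for these UUIDs, and recognises only the common "no" spellings of the boolean; the function name, UUIDs and /etc/test.key are constructed.

```sh
#!/bin/sh
# Added example, not systemd code: resolve the luks.* parameters described
# above into "UUID NAME KEY" lines, as the initrd would see them.
# Assumes /etc/crypttab has no entry for these UUIDs (it would take precedence).

resolve_luks_cmdline() {
    printf '%s\n' "$1" | tr ' ' '\n' | awk '
        function add(u) { if (!(u in seen)) { seen[u] = 1; order[++n] = u } }
        { sub(/^rd\./, "") }            # the initrd honours both rd.luks.* and luks.*
        /^luks=(no|0|false|off)$/ { disabled = 1 }
        /^luks\.uuid=/ { add(substr($0, 11)) }
        /^luks\.name=/ {                # UUID=NAME, implies luks.uuid=
            v = substr($0, 11); i = index(v, "=")
            if (i) { u = substr(v, 1, i - 1); add(u); name[u] = substr(v, i + 1) }
        }
        /^luks\.key=/ {                 # UUID=FILE, or FILE as the default
            v = substr($0, 10); i = index(v, "=")
            if (i) { key[substr(v, 1, i - 1)] = substr(v, i + 1) }
            else   { defkey = v }
        }
        END {
            if (disabled) exit          # luks=no switches the generator off
            for (j = 1; j <= n; j++) {
                u = order[j]
                k = (u in key) ? key[u] : (defkey != "" ? defkey : "prompt")
                print u, ((u in name) ? name[u] : "luks-" u), k
            }
        }'
}

# Constructed kernel command line; both UUIDs are placeholders.
SAMPLE_CMDLINE='ro rd.luks.uuid=11111111-1111-1111-1111-111111111111 rd.luks.name=22222222-2222-2222-2222-222222222222=test luks.key=22222222-2222-2222-2222-222222222222=/etc/test.key'

resolve_luks_cmdline "$SAMPLE_CMDLINE"
```

Any line whose last field is a path rather than "prompt" is a volume that opens unattended, so the location of that key file decides what a stolen disk reveals.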