cryptsetup won't open crypted fs on raid5 with known luks passphrase

luboss · 11-13-2008, 10:33 AM

Hello all,

I don't write in forums usually but now I'm hopeless and thinking about shred luks crypted disk
I have working RAID5 - cons. of 3 disks where I have crypted partition with lrw-benbi, using luks. It worked me day after day but once after I rebooted it and tried to reopen it didn't work anymore:

Code:

cryptsetup luksOpen /dev/md2 cpv0
Enter LUKS passphrase: 
Command failed.

I'm 99% sure I used the right password.

all prereq. are fullfilled:

Code:

root@lsmod|grep -E 'dm_cr|lrw|aes' 
aes_x86_64              8576  1 
aes_generic            28072  1 aes_x86_64
dm_crypt               12936  1 
dm_mod                 48200  5 dm_crypt,dm_mirror,dm_log,dm_snapshot
lrw                     3968  1 
crypto_blkcipher       16004  3 dm_crypt,lrw
gf128mul                7552  1 lrw
root@lubox:~/scripts# uname -a
Linux lubox 2.6.26 #2 Sun Aug 17 22:12:17 CEST 2008 x86_64 GNU/Linux

mdadm is working ok:

Code:

root@lubox:~# mdadm --detail /dev/md2
/dev/md2:
        Version : 00.90.03
  Creation Time : Thu Oct 30 18:46:00 2008
     Raid Level : raid5
     Array Size : 974277632 (929.14 GiB 997.66 GB)
    Device Size : 487138816 (464.57 GiB 498.83 GB)
   Raid Devices : 3
  Total Devices : 3
Preferred Minor : 2
    Persistence : Superblock is persistent

    Update Time : Thu Nov 13 17:32:05 2008
          State : clean
 Active Devices : 3
Working Devices : 3
 Failed Devices : 0
  Spare Devices : 0

         Layout : left-symmetric
     Chunk Size : 128K

           UUID : a65f276f:505dd844:0624c941:ba7d69df (local to host lubox)
         Events : 0.20

    Number   Major   Minor   RaidDevice State
       0       8        3        0      active sync   /dev/sda3
       1       8       19        1      active sync   /dev/sdb3
       2       8       35        2      active sync   /dev/sdc3

can be there some other issue then wrong password?
had somebody similar problem like this?

Randux · 11-13-2008, 11:03 AM

I can't help on this except that it's easy to mess up entering your passphrase. If you know how to use Emacs, split your screen and open a shell. You can paste your password into the mount prompt. You can probably do this with some consoles but I use Emacs for this kind of thing.

luboss · 11-13-2008, 11:50 AM

hi Randux,

thanks for your answer. I do not use emacs, only vi, worse I cannot install it right now since apt-get install doesn't work.
By the way I really don't understand how you mean it, sorry :-)
How can be prooved I don't use right password? Can this be some other issue?

Lubos

Randux · 11-13-2008, 01:55 PM

You can't verify your password when you're typing it because the prompt doesn't echo it. If you type it in an editor session where you can see it, you're more likely to spot an error. Or if you have it saved in a file (bad idea) you can copy and paste it.

BTW if you use the Bash shell, .bash_history can save a lot of confidential info. Either mount it on a secure drive or change your .bash_profile to exclude certain commands. [Man histignore]

Also may be worth checking on debian mailing lists or website to see if anyone has a similar problem :-(