LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 07-31-2009, 01:30 PM   #1
ESC201
Member
 
Registered: Sep 2008
Distribution: Kubuntu 11.04
Posts: 85

Rep: Reputation: 15
Luks global passphrase?


Hi all, I recently encrypted two of my computers. I installed Fedora 11 on the first one and let the installer set up my disk encryption. At the time, I had / mounted on one drive and /home on another. Both had the same luks passphrase and when I booted my system, I was only asked to enter the passphrase once and both drives were unlocked. I've since deleted that passphrase and added another one. They are still both the same but now when I boot up, I am asked to enter the passphrase twice. Is there a way to set it so I only have to enter the passphrase once?

On the second computer, I installed Ubuntu and I let the installer take care of the disk encryption also. Same set up with it, / on one partition and /home on another; same passphrase. However, I've always had to enter the passphrase twice during boot on that one.

Anyway, if there is a way to set up a global passphrase for luks drives, any help or a point in the direction towards just that would be great. Thanks!
 
Old 08-01-2009, 11:10 PM   #2
rm -rf *
LQ Newbie
 
Registered: Nov 2008
Distribution: Slackware 12.1, Arch.
Posts: 8

Rep: Reputation: 1
Looking at the cryptsetup man page, appears there's an option for --verify-passphrase which causes luks to ask twice. Not sure if that's the issue exactly. Perhaps Ubuntu has this as default, and you changed the option on fedora?
 
Old 08-02-2009, 10:11 PM   #3
Meson
Member
 
Registered: Oct 2007
Distribution: Arch x86_64
Posts: 606

Rep: Reputation: 66
My guess is that in your initial setup, you had an encrypted LVM group and the partitions were members of it. Either way, it might have been interesting to see /etc/crypttab.
 
Old 08-03-2009, 06:31 PM   #4
ESC201
Member
 
Registered: Sep 2008
Distribution: Kubuntu 11.04
Posts: 85

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by Meson View Post
My guess is that in your initial setup, you had an encrypted LVM group and the partitions were members of it. Either way, it might have been interesting to see /etc/crypttab.
Meson, I honestly don't know what I did to make it ask me for my password only once. I just let the installer (Anaconda I believe) take care of it. My knowledge of luks is very limited.

Here is my crypttab...
Code:
# Swap
swap UUID=9c452442-2ccc-4655-ac2d-f097e15c4f2a /dev/urandom cipher=aes-cbc-essiv:sha256,size256,hash=256,swap

# /
luks-3bbe8b56-723e-4b19-83b1-d106c84beff5 UUID=3bbe8b56-723e-4b19-83b1-d106c84beff5 none

# Home
home UUID=5e36ae69-cd3a-4daa-8ba8-690f7a570862 none

# Main Backup
#Main_Backup UUID=5e36ae69-cd3a-4daa-8ba8-690f7a570862 none

# Fedora Backup
Fedora_Backup UUID=1eca149a-db55-4df0-bd58-7505acc6c4f9 none
rm -rf *, looking at the cryptsetup man page I believe that --verify-passphrase simple asks for the passphrase twice when preforming commands on encrypted drives to ensure one has entered the correct passphrase. Thank you for your insight however.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Entering passphrase on LUKS partition with USB brooky9999 Slackware 7 04-09-2009 04:22 AM
debian testing install cd rescue mode not accepting luks passphrase Molly Debian 4 02-13-2009 12:50 PM
cryptsetup won't open crypted fs on raid5 with known luks passphrase luboss Linux - Security 3 11-13-2008 01:55 PM
How to check the cpu utilization on all non global zones from Global Zone rajaniyer123 Solaris / OpenSolaris 3 10-09-2008 01:43 AM
Serial Console and LUKS Passphrase redgoblin Linux - Server 2 05-02-2008 09:29 AM


All times are GMT -5. The time now is 05:47 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration