Yet Another "Automount encrypted partition"

valentin8709 · 07-22-2017, 12:19 PM

Hi everybody!
I come here beacause I do not find a solution to my problem, which is on a Linux Mint 17.3 (I know, it's old. I will upgrade it!):

Some years ago, I installed a Nextcloud server (a second one, just for backups) with only one hard drive, encrypted. Later, the hard drive being full, I plugged another one dedicated for data, also encrypted. Everything's working fine.

The 'problem' is I cannot remotely reboot my server, or even boot up without dedicated screen. Indeed, during boot, my passphrase for the /root encrypted is asked.

Would it be possible to "disable" encryption or to auto-decrypt the root partition? My data being on another partition, I could remotely reboot the server then decrypt the data partition via ssh, without dedicated screen.

For info:
The root partition is /dev/sda5:

Code:

Disk /dev/sda: 160.0 GB, 160041885696 bytes
255 heads, 63 sectors/track, 19457 cylinders, total 312581808 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000e1e1d

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048      499711      248832   83  Linux
/dev/sda2          501758   312580095   156039169    5  Extended
/dev/sda5          501760   312580095   156039168   83  Linux

My /etc/fstab:

Code:

/dev/mapper/mint--vg-root /               ext4    errors=remount-ro 0       1
# /boot was on /dev/sda1 during installation
UUID=22443f95-f91a-46d3-8e38-e969da8a8144 /boot           ext2    defaults        0       2
/dev/mapper/mint--vg-swap_1 none            swap    sw              0       0
/dev/mapper/cryptswap1 none swap sw 0 0

My /etc/crypttab:

Code:

sda5_crypt UUID=e98d51b9-ed47-4b36-800d-d352c0a026b0 none luks,discard
cryptswap1 UUID=d4bd5262-e044-46b8-b84a-b45997264096 /dev/urandom swap,cipher=aes-cbc-essiv:sha256

About the swap partition, I don't remember what I did, certainly a mistake so I disabled the partition but it was some years ago...

Thank you very much for your help! I hope I am clear enough, my english is far to be perfect...

syg00 · 07-23-2017, 10:26 PM

Quote:

Originally Posted by valentin8709

Would it be possible to "disable" encryption

No. With the container opened, you would need to copy everything off to another unencrypted partition then fix fstab and the boot-loader. At least. All too hard - much simpler to do a clean install of 18.2 as unencrypted.

Quote:

... or to auto-decrypt the root partition?

This is possible, but more difficult to do after the install. You would need to create a keyfile and add that to the crypttab - easy enough. The difficult part is to get the support into the initrd - it's possible Mint mkinitrd does that for you, I don't know.

I would suggest the clean install, after first creating a separate /home partition - that way all your settings can survive the install.

jefro · 07-23-2017, 10:42 PM

This is pretty old. Might provide some ideas still. https://unix.stackexchange.com/quest...ss-server-boot

valentin8709 · 08-01-2017, 03:10 AM

Thank you for your answers (and sorry for the response time), I think I am going to add a keyfile, and if it doesn't work I will make a clean install with the data partition encrypted only.

Have a nice day =)