[SOLVED] Mounting an encrypted volume at boot time with a keyfile on a USB stick

Support for security such as Firewalls and securing linux
Post Reply
argemat
Posts: 2
Joined: 2011/08/03 09:56:02

[SOLVED] Mounting an encrypted volume at boot time with a keyfile on a USB stick

Post by argemat » 2011/08/03 10:04:14

Hello!

I would like to automatically mount an encrypted volume (using luks/cryptsetup) at boot time. The keyfile to unlock the volume is stored on a USB stick, which is automatically mounted from fstab via its UUID, the keyfile is entered in the /etc/crypttab line for this volume.

My problem: The stick only gets mounted AFTER the system searches for encrypted volumes. Thus, the keyfile is not available yet and the voulme can't be unlocked.

The fstab line:[code]
UUID=e6e133c9-b433-468c-a17b-0afaf1d7c14b /media/crypto ext4 defaults,auto,ro 0 0[/code]
The crypttab line:
[code]
backup_crypt /dev/vg_file/file_backup /media/crypto/backup.key
[/code]

Is there any way to either delay the crypto initialization, or mount the stick earlier on?

regards
Mathias

argemat
Posts: 2
Joined: 2011/08/03 09:56:02

Re: Mounting an encrypted volume at boot time with a keyfile on a USB stick

Post by argemat » 2011/08/03 10:17:25

Ah, damn. A few minutes after posting this, I found the solution here http://www.gno.org/~gdr/sysadmin/centos/5/crypto-disk/server.html
A script in /etc/sysconfig/modules which mounts the stick does the trick.

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

[SOLVED] Mounting an encrypted volume at boot time with a ke

Post by pschaff » 2011/08/03 17:15:39

Welcome to the CentOS fora. Please see the recommended reading for new users linked in my signature.

Thanks for reporting back. Marking this thread [SOLVED] for posterity.

Post Reply

Return to “CentOS 6 - Security Support”