April 26, 2019

Protecting Data with Encrypted Linux Partitions Part 2 - page 4

Adding Your Own Back Door

  • June 21, 2007
  • By Carla Schroder

This is delightfully easy, and should work on any Debian-derived distribution, such as the fabulously popular *buntu family. You'll need a line in /etc/fstab for the encrypted partition; make sure to change noauto to auto, and make sure to specify users and not user, to allow non-root users to mount and unmount the encrypted partition.

Then add a line to the /etc/crypttab file with four fields: your cryptsetup device name, the /dev name, the path to the keyfile (we don't have one, so it is none), and the luks option to specify that we want LUKS extensions:

sda2    /dev/sda2  none luks

Now run the startup script to test it:

# /etc/init.d/cryptdisks start 

 * Starting remaining crypto disks...
Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.

Hurrah! Now reboot to see if it works. You'll be prompted for your LUKS passphrase early in the boot process. The prompt times out after 180 seconds; this is controlled in /etc/default/cryptdisks.

Now you can stop and start it with the usual /etc/init.d/cryptdisks {start|stop|restart|reload|force-reload} commands.
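
A pre-flight check for the two files edited above, as an added example that is not from the original article: it confirms that the crypttab entry uses none and luks, and that the matching fstab entry has dropped noauto and specifies users. It assumes the fstab entry mounts /dev/mapper/<name>; the function name, the sample mount point and the filesystem type are constructed for illustration.

```bash
#!/bin/sh
# Added example: sanity-check the crypttab/fstab pair before rebooting.
# Assumption: fstab mounts /dev/mapper/<name>, <name> being crypttab field 1.
# File paths are arguments, so the check can be run on copies of the files.

# Prints one line per problem; exit status 0 means the pair is consistent.
check_crypt_boot() (
    name=$1 crypttab=$2 fstab=$3 problems=0
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    # crypttab fields: <name> <source device> <key file> <options>
    ct=$(awk -v n="$name" '$1 == n { print $2, $3, $4; exit }' "$crypttab")
    if [ -z "$ct" ]; then
        fail "no crypttab entry named $name"
    else
        set -- $ct    # now $1=device, $2=key file, $3=options
        [ "$2" = "none" ] || fail "key file is '$2', expected none (passphrase prompt)"
        case ",$3," in *,luks,*) ;; *) fail "crypttab options lack luks" ;; esac
    fi

    # fstab fields: <device> <mount point> <fstype> <options> <dump> <pass>
    opts=$(awk -v d="/dev/mapper/$name" '$1 == d { print $4; exit }' "$fstab")
    if [ -z "$opts" ]; then
        fail "no fstab entry for /dev/mapper/$name"
    else
        case ",$opts," in *,noauto,*) fail "fstab still says noauto" ;; esac
        case ",$opts," in *,users,*) ;; *) fail "fstab lacks users (found: $opts)" ;; esac
    fi
    [ "$problems" -eq 0 ]
)

# Constructed sample files: one fstab before the edit, one after it.
d=$(mktemp -d)
printf 'sda2    /dev/sda2  none luks\n' > "$d/crypttab"
printf '/dev/mapper/sda2 /mnt/crypted ext3 user,noauto 0 0\n' > "$d/fstab.before"
printf '/dev/mapper/sda2 /mnt/crypted ext3 users,auto 0 0\n' > "$d/fstab.after"

check_crypt_boot sda2 "$d/crypttab" "$d/fstab.before" || echo "fix fstab first"
check_crypt_boot sda2 "$d/crypttab" "$d/fstab.after" && echo "ready to test cryptdisks"
```

On a real system, call it as check_crypt_boot sda2 /etc/crypttab /etc/fstab before running the startup script.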
