Help after external disk encryption

The Arch wiki failed me. It doesn’t auto mount.

I want to auto mount my external encrypted disk and I have no idea! With automated password unlocking too.

There was a thread here whose link I lost. I added everything to crypttab with my chosen pass and fstab as dev mapper. I skipped the root/lukskey because I want my chosen password.

After finishing fstab and everything I can’t unlock the ext drive and am forced into recovery mode. For now I just deleted that fstab line to boot normally…

You might try adding the noauto option to the /etc/fstab mount for that drive. That’ll hopefully prevent a boot failure at least, as it won’t try to mount it at boot; it’ll wait until it’s accessed (later).

Using crypttab and fstab for the external drive may also be overkill. In KDE Plasma for example, when you access the encrypted drive, it’ll prompt you for the password and you can let the system remember it.

The KDE Plasma password prompt was what might pop-up if you don’t set up the USB drive in /etc/crypttab and /etc/fstab at all.

The error you’re getting there looks to be an issue in the /etc/crypttab file where it can’t find or access the key file, mypassword.

There’s a couple of things to check:

  1. Make sure the order in /etc/crypttab is such that the drive where mypassword sits is decrypted first! Otherwise it won’t be able to access that to decrypt the USB drive.
  2. Make sure the order in /etc/fstab is such that the drive where mypassword sits is mounted first.
  3. Make sure the path to mypassword is correct.

Otherwise, you could try commenting out any reference to the USB drive in /etc/crypttab and /etc/fstab and using the KDE Plasma “Remember password” option (assuming you’re using KDE Plasma).

Is mypassword a file?

If so, it needs the full path. For example, if you have that file in /root, that should read:

luks-uuid UUID=uuid /root/mypassword timeout=180

You can add multiple passphrases to a LUKS volume. So you’d have the one you can remember, but you can also generate a crazy long one that sits in a file that it uses to auto-decrypt.

(use sudo where needed)

To generate that file:

dd if=/dev/random bs=32 count=8 of=/root/lukskey

To add that key to the encrypted volume. You need to change the volume here (/dev/sda1) to the correct USB volume on your system:

cryptsetup luksAddKey /dev/sda1 /root/lukskey

Then, the /etc/crypttab line would look like this:

luks-uuid UUID=uuid /root/lukskey timeout=180

Reviewing the manual page for crypttab, I’m fairly sure that you can’t directly enter the passphrase into the /etc/crypttab file. If you provide something there, it’s expecting a path to a file.

Each line is in the form

*volume-name* *encrypted-device* *key-file* *options*

3. The third field specifies an absolute path to a file with the encryption key…

Probably best to post the current /etc/crypttab, /etc/fstab, sudo blkid, lsblk --tree.

Look, all help depends on knowing what’s actually going on. If you only provide half of it and/or censor out the important things people can’t help.

My suggestion: use a GUI app instead of editing the files yourself. I would recommend gnome-disks. There in the mount options you can automount the luks container and the partition on startup.

I’m taking a guess here because we don’t have a lot of information from you.

You’ll need to ensure that the device <name> (1st field) in /etc/crypttab, matches the /dev/mapper/[name] in /etc/fstab.

For example, if you had this in /etc/crypttab:

# <name>        <device>        <password>          <options>
luks-uuid       UUID=uuid       /root/lukskey       timeout=180

The name, luks-uuid, needs to match what’s specified in the <file system> directive in /etc/fstab, but you’ll need to specify the path before it (/dev/mapper/luks-uuid):

# <file system>             <mount point>       <type>      <options>       <dump>  <pass>
/dev/mapper/luks-uuid       /somemountpoint     ext4        defaults        0       0
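As an added example (not code from any post in this thread), a small POSIX shell check for the two things the replies above keep coming back to: the key file in /etc/crypttab must be an absolute path that exists and is not readable by others, and the <name> in /etc/crypttab must match the /dev/mapper/<name> in /etc/fstab. The temp-dir paths, the placeholder UUID and the dummy key file are constructed for the demo.

```shell
# Added example, not code from the thread: sanity-check a crypttab/fstab pair
# before rebooting. Checks that every key file is an absolute path, exists and is
# not readable by group/others, and that every /dev/mapper/<name> in fstab has a
# crypttab entry with that <name>. Prints one line per problem, returns the count.
check_luks_tables() {
    crypttab="$1"; fstab="$2"; problems=0
    while read -r name device keyfile options; do
        case "$name" in ''|\#*) continue ;; esac      # skip blanks and comments
        case "$keyfile" in
            ''|none|-) ;;                             # passphrase prompt at boot
            /*)
                if [ ! -f "$keyfile" ]; then
                    echo "$name: key file $keyfile not found"; problems=$((problems + 1))
                else
                    # columns 5-10 of ls -l are the group/other permission bits
                    case "$(ls -ld "$keyfile" | cut -c5-10)" in *r*)
                        echo "$name: key file $keyfile is readable by group/others"
                        problems=$((problems + 1)) ;;
                    esac
                fi ;;
            *)  echo "$name: key file '$keyfile' must be an absolute path"
                problems=$((problems + 1)) ;;
        esac
    done < "$crypttab"
    while read -r fs mnt type opts rest; do
        case "$fs" in /dev/mapper/*) ;; *) continue ;; esac
        mapper="${fs#/dev/mapper/}"
        if ! awk -v n="$mapper" '$1 == n { found = 1 } END { exit !found }' "$crypttab"; then
            echo "$fs: no crypttab entry named $mapper"; problems=$((problems + 1))
        fi
    done < "$fstab"
    return "$problems"
}

# Constructed sample files in a temp dir so the check runs offline (placeholder
# UUID "uuid" as in the thread; the key file holds dummy bytes, not a real key).
DEMO=$(mktemp -d)
printf 'dummy-key-material\n' > "$DEMO/lukskey"; chmod 600 "$DEMO/lukskey"
printf '# <name>  <device>  <password>  <options>\nluks-uuid UUID=uuid %s/lukskey luks,timeout=180\n' \
    "$DEMO" > "$DEMO/crypttab"
printf '/dev/mapper/luks-uuid /mnt/Disk1 ext4 defaults,noauto 0 0\n' > "$DEMO/fstab"
# A broken pair: bare "mypassword" (relative) and an fstab name with no crypttab entry
printf 'luks-uuid UUID=uuid mypassword luks,timeout=180\n' > "$DEMO/crypttab.bad"
printf '/dev/mapper/luks-other /mnt/Disk1 ext4 defaults 0 0\n' > "$DEMO/fstab.bad"

check_luks_tables "$DEMO/crypttab" "$DEMO/fstab" && echo "good pair: no problems"
check_luks_tables "$DEMO/crypttab.bad" "$DEMO/fstab.bad" || echo "bad pair: $? problem(s)"
```

Run it against the real files with `sudo sh check.sh` replaced by `check_luks_tables /etc/crypttab /etc/fstab` to see the same report for your own system.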

OK, this looks mostly good from what I see. The crypttab options should be luks,timeout=180 though. Nonetheless the luks container is opened on boot with the password from /root/lukskey, but the disk is currently not mounted (noauto in fstab).

It should mount manually with e.g.

sudo mount -t ext4 /dev/mapper/luks-3a366442-921d-4156-8b34-7f7d15c1544b /mnt/Disk1

What is the failing issue now?

They are unique, so you are probably the only person on earth with these numbers. But there isn’t anything special about them and you’re not leaking any underlying information. You can create as many as you want with e.g. uuidgen in the terminal.

PS: Stupid question: You formatted with ext4 after creating the luks container, right?

Ah, that’s the issue. That created the encrypted container, but it’s empty. You have to create a filesystem in it (and ext4 is only one option, it could also be btrfs, xfs etc).

With the container open, which you already have, do a

sudo mkfs.ext4 /dev/mapper/luks-3a366442-921d-4156-8b34-7f7d15c1544b

Just like formatting a normal disk for ext4, but instead of pointing to e.g. /dev/sda you point to the opened luks mapper instead.

After that the manual mount command from above should work, and also the fstab entry.


Well, I guess it worked. You’re welcome.