Help! I've nearly broken my desk banging my head = against this problem. I am using Red Hat 5.9 base install and trying to set= the LUKS volume to come on-line on boot.

The volume can = be manually mounted. However, when I try to create the key file it becomes = a 0 length file and does not work when the system boots.

cryptsetup luksAddKey /dev/sda2 keyfile
Enter any LUKS passphrase: <= br>Verify passphrase:
key slot 0 unlocked.
Command successful.

ls -lart keyfile
-rw------- 1 root root 0 May 22 08:42 keyfile

cat /etc/crypttab
luks /dev/sda2 /root/keyfile luks

This is probably operator error but I'm not sure w= here to look. Any help appreciated!

Leam

Mind on a Mission

--047d7b15a3574923c204dd4e0250-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SxJYdYRxaw1N for ; Wed, 22 May 2013 16:33:46 +0200 (CEST) Received: from v6.tansi.org (unknown [87.118.116.4]) by mail.saout.de (Postfix) with ESMTP for ; Wed, 22 May 2013 16:33:46 +0200 (CEST) Received: from gatewagner.dyndns.org (84-72-142-22.dclient.hispeed.ch [84.72.142.22]) by v6.tansi.org (Postfix) with ESMTPA id AC37C20DC250 for ; Wed, 22 May 2013 16:33:45 +0200 (CEST) Date: Wed, 22 May 2013 16:33:45 +0200 From: Arno Wagner Message-ID: <20130522143345.GB26551@tansi.org> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Subject: Re: [dm-crypt] luksAddKey successful but not working List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de A look into the man-page of cryptsetup shows that luksAddKey does not write the key-file, but reads it. I am surprised though that cryptsetup does not complain that the file is missing. With my system (cryptsetup 1.6.0) it does: # cryptsetup luksAddKey /dev/loop0 keyfile Enter any passphrase: Failed to open key file. <--- # Have you created "keyfile" before? If so, you just added the empty passphrase to your device, something you probably do not want to do. Arno On Wed, May 22, 2013 at 08:50:22AM -0400, leam hall wrote: > Help! I've nearly broken my desk banging my head against this problem. I am > using Red Hat 5.9 base install and trying to set the LUKS volume to come > on-line on boot. > > The volume can be manually mounted. However, when I try to create the key > file it becomes a 0 length file and does not work when the system boots. > > cryptsetup luksAddKey /dev/sda2 keyfile > Enter any LUKS passphrase: > Verify passphrase: > key slot 0 unlocked. > Command successful. > > > ls -lart keyfile > -rw------- 1 root root 0 May 22 08:42 keyfile > > > cat /etc/crypttab > luks /dev/sda2 /root/keyfile luks > > > This is probably operator error but I'm not sure where to look. Any help > appreciated! > > Leam > > > > -- > Mind on a Mission > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult. --Tony Hoare From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lGaMPjv7ldAO for ; Wed, 22 May 2013 16:48:55 +0200 (CEST) Received: from mail-pb0-x231.google.com (mail-pb0-x231.google.com [IPv6:2607:f8b0:400e:c01::231]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Wed, 22 May 2013 16:48:54 +0200 (CEST) Received: by mail-pb0-f49.google.com with SMTP id rp8so1759002pbb.22 for ; Wed, 22 May 2013 07:48:52 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: <20130522143345.GB26551@tansi.org> References: <20130522143345.GB26551@tansi.org> Date: Wed, 22 May 2013 10:48:52 -0400 Message-ID: From: leam hall Content-Type: multipart/alternative; boundary=047d7b15a35716839404dd4faac5 Subject: Re: [dm-crypt] luksAddKey successful but not working List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de --047d7b15a35716839404dd4faac5 Content-Type: text/plain; charset=UTF-8 Hey Arno, thanks! None of the instructions I found talked about manually editing the keyfile with the key. That's why I thought luksAddKey created the file. So far I'm not doing great with this. Either the /dev/sda partition isn't able to be mounted or /dev/mapper/luks isn't viewed as a LUKS partition. On Wed, May 22, 2013 at 10:33 AM, Arno Wagner wrote: > A look into the man-page of cryptsetup shows that luksAddKey does > not write the key-file, but reads it. I am surprised though that > cryptsetup does not complain that the file is missing. With my > system (cryptsetup 1.6.0) it does: > > # cryptsetup luksAddKey /dev/loop0 keyfile > Enter any passphrase: > Failed to open key file. <--- > # > > Have you created "keyfile" before? If so, you just added the empty > passphrase to your device, something you probably do not want to do. > > Arno > > On Wed, May 22, 2013 at 08:50:22AM -0400, leam hall wrote: > > Help! I've nearly broken my desk banging my head against this problem. I > am > > using Red Hat 5.9 base install and trying to set the LUKS volume to come > > on-line on boot. > > > > The volume can be manually mounted. However, when I try to create the key > > file it becomes a 0 length file and does not work when the system boots. > > > > cryptsetup luksAddKey /dev/sda2 keyfile > > Enter any LUKS passphrase: > > Verify passphrase: > > key slot 0 unlocked. > > Command successful. > > > > > > ls -lart keyfile > > -rw------- 1 root root 0 May 22 08:42 keyfile > > > > > > cat /etc/crypttab > > luks /dev/sda2 /root/keyfile luks > > > > > > This is probably operator error but I'm not sure where to look. Any help > > appreciated! > > > > Leam > > > > > > > > -- > > Mind on a Mission > > > _______________________________________________ > > dm-crypt mailing list > > dm-crypt@saout.de > > http://www.saout.de/mailman/listinfo/dm-crypt > > > -- > Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name > GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 > ---- > There are two ways of constructing a software design: One way is to make it > so simple that there are obviously no deficiencies, and the other way is to > make it so complicated that there are no obvious deficiencies. The first > method is far more difficult. --Tony Hoare > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt > -- Mind on a Mission --047d7b15a35716839404dd4faac5 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Hey Arno, thanks! None of the instructions I found ta= lked about manually editing the keyfile with the key. That's why I thou= ght luksAddKey created the file.

So far I'm not doing gre= at with this. Either the /dev/sda partition isn't able to be mounted or= /dev/mapper/luks isn't viewed as a LUKS partition.

On = Wed, May 22, 2013 at 10:33 AM, Arno Wagner <arno@wagner.name>= wrote:

A look into the man-page of cryptsetup shows= that luksAddKey does
not write the key-file, but reads it. I am surprised though that
cryptsetup does not complain that the file is missing. With my
system (cryptsetup 1.6.0) it does:

# cryptsetup luksAddKey /dev/loop0 keyfile
Enter any passphrase:
Failed to open key file. =C2=A0 =C2=A0<---
#

Have you created "keyfile" before? If so, you just added the empt= y
passphrase to your device, something you probably do not want to do.

Arno

On Wed, May 22, 2013 at 08:50:22AM -0400, leam hall wrote:
> Help! I've nearly broken my desk banging my head against this prob= lem. I am
> using Red Hat 5.9 base install and trying to set the LUKS volume to co= me
> on-line on boot.
>
> The volume can be manually mounted. However, when I try to create the = key
> file it becomes a 0 length file and does not work when the system boot= s.
>
> cryptsetup luksAddKey /dev/sda2 keyfile
> Enter any LUKS passphrase:
> Verify passphrase:
> key slot 0 unlocked.
> Command successful.
>
>
> ls -lart keyfile
> -rw------- 1 root root 0 May 22 08:42 keyfile
>
>
> cat /etc/crypttab
> luks /dev/sda2 /root/keyfile luks
>
>
> This is probably operator error but I'm not sure where to look. An= y help
> appreciated!
>
> Leam
>
>
>
> --

> Mind on a Mission <http://leamhall.blogspot.com/>

> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

--
Arno Wagner, =C2=A0 =C2=A0 Dr. sc. techn., Dipl. Inform., =C2=A0 =C2=A0Emai= l: arno@wagner.name
GnuPG: ID: CB5D9718 =C2=A0FP: 12D6 C03B 1B30 33BB 13CF =C2=A0B774 E35C 5FA1= CB5D 9718
----
There are two ways of constructing a software design: One way is to make it=
so simple that there are obviously no deficiencies, and the other way is to=
make it so complicated that there are no obvious deficiencies. The first method is far more difficult. =C2=A0--Tony Hoare
_______________________________________________
dm-crypt mailing list
dm-crypt@saout.de
http://www.saout.de/mailman/listinfo/dm-crypt

Mind on a Mission

I have a support ticket with RH open now. So far I am= not sure it is a bug. It may well just be my misunderstanding. If it does = turn out to be a bug I will file it.

Thanks!

Leam

On Wed, May 2= 2, 2013 at 11:28 AM, Milan Broz <gmazyland@gmail.com> wrot= e:

On 05/22/2013 04:33 PM, Ar= no Wagner wrote:
> A look into the man-page of cryptsetup shows that luksAddKey does
> not write the key-file, but reads it. I am surprised though that
> cryptsetup does not complain that the file is missing. With my
> system (cryptsetup 1.6.0) it does:
>
> # cryptsetup luksAddKey /dev/loop0 keyfile
> Enter any passphrase:
> Failed to open key file. =C2=A0 =C2=A0<---
> #

RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is impo= ssible
to rebase there to a new version.
You can create a bug requesting to fix this issue in RH bugzilla though...<= br>
Milan

_____________________= __________________________
dm-crypt mailing list
dm-crypt@saout.de
http://www.saout.de/mailman/listinfo/dm-crypt

Mind on a Mission=

--047d7b15ae4b697c8804dd505304-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xvPmLgY0EFBb for ; Thu, 30 May 2013 02:56:33 +0200 (CEST) Received: from mail-ie0-x22d.google.com (mail-ie0-x22d.google.com [IPv6:2607:f8b0:4001:c03::22d]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Thu, 30 May 2013 02:56:33 +0200 (CEST) Received: by mail-ie0-f173.google.com with SMTP id k13so7156004iea.32 for ; Wed, 29 May 2013 17:56:30 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: References: <20130522143345.GB26551@tansi.org> <519CE41B.5030205@gmail.com> Date: Wed, 29 May 2013 20:56:30 -0400 Message-ID: From: leam hall Content-Type: multipart/alternative; boundary=089e013c5aee0ec0d804dde4f82e Subject: Re: [dm-crypt] luksAddKey successful but not working List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de --089e013c5aee0ec0d804dde4f82e Content-Type: text/plain; charset=UTF-8 So what I'm seeing is an error "No key available with this passphrase". What makes this odd is that there are two boxes; one build with a file system encrypted and the other adding it afterwards. Both have the same ~/keyfile. The manually built system won't read the keyfile on boot and drops the box into "fix your filesystem" mode. The "encrypted on install" box works just fine.They are pretty much build from the same OS version, though the bad one has more packages. Any ideas on how to trouble-shoot this? Thanks! Leam On Wed, May 22, 2013 at 11:36 AM, leam hall wrote: > I have a support ticket with RH open now. So far I am not sure it is a > bug. It may well just be my misunderstanding. If it does turn out to be a > bug I will file it. > > Thanks! > > Leam > > > On Wed, May 22, 2013 at 11:28 AM, Milan Broz wrote: > >> On 05/22/2013 04:33 PM, Arno Wagner wrote: >> > A look into the man-page of cryptsetup shows that luksAddKey does >> > not write the key-file, but reads it. I am surprised though that >> > cryptsetup does not complain that the file is missing. With my >> > system (cryptsetup 1.6.0) it does: >> > >> > # cryptsetup luksAddKey /dev/loop0 keyfile >> > Enter any passphrase: >> > Failed to open key file. <--- >> > # >> >> RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is >> impossible >> to rebase there to a new version. >> You can create a bug requesting to fix this issue in RH bugzilla though... >> >> Milan >> _______________________________________________ >> dm-crypt mailing list >> dm-crypt@saout.de >> http://www.saout.de/mailman/listinfo/dm-crypt >> > > > > -- > Mind on a Mission > -- Mind on a Mission --089e013c5aee0ec0d804dde4f82e Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

So what I'm seeing is an error "No key avail= able with this passphrase". What makes this odd is that there are two = boxes; one build with a file system encrypted and the other adding it after= wards. Both have the same ~/keyfile. The manually built system won't re= ad the keyfile=C2=A0 on boot and drops the box into "fix your filesyst= em" mode. The "encrypted on install" box works just fine.The= y are pretty much build from the same OS version, though the bad one has mo= re packages.

Any ideas on how to trouble-shoot this?

Th= anks!

Leam

On Wed, May 22, 2013 at 11:36 AM, leam hall = <leamhall@gmail.com> wrote:

I have a support ticke= t with RH open now. So far I am not sure it is a bug. It may well just be m= y misunderstanding. If it does turn out to be a bug I will file it.

Thanks!

Lea= m

On Wed, May 22, 2013 at 11:28 AM, Milan Broz &l= t;gmazyland@gmail.= com> wrote:

On 05/22/2013 04:33 PM, Arno Wagner wro= te:
> A look into the man-page of cryptsetup shows that luksAddKey does
> not write the key-file, but reads it. I am surprised though that
> cryptsetup does not complain that the file is missing. With my
> system (cryptsetup 1.6.0) it does:
>
> # cryptsetup luksAddKey /dev/loop0 keyfile
> Enter any passphrase:
> Failed to open key file. =C2=A0 =C2=A0<---
> #

RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is impo= ssible
to rebase there to a new version.
You can create a bug requesting to fix this issue in RH bugzilla though...<= br>
Milan

_______________________________________________
dm-crypt mailing list
dm-crypt@saout.de
http://www.saout.de/mailman/listinfo/dm-crypt

--
Mind on a Mission

Mind on a Mission

--089e013c5aee0ec0d804dde4f82e-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GToOvzBu5y9x for ; Thu, 30 May 2013 03:10:05 +0200 (CEST) Received: from v6.tansi.org (unknown [87.118.116.4]) by mail.saout.de (Postfix) with ESMTP for ; Thu, 30 May 2013 03:10:05 +0200 (CEST) Received: from gatewagner.dyndns.org (84-72-142-22.dclient.hispeed.ch [84.72.142.22]) by v6.tansi.org (Postfix) with ESMTPA id 3FBF820DC253 for ; Thu, 30 May 2013 03:10:05 +0200 (CEST) Date: Thu, 30 May 2013 03:10:04 +0200 From: Arno Wagner Message-ID: <20130530011004.GA29783@tansi.org> References: <20130522143345.GB26551@tansi.org> <519CE41B.5030205@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Subject: Re: [dm-crypt] luksAddKey successful but not working List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de I suspect that something in the initrd or the configuration it uses is missing. Look at the boot messages for anything related, Then look at the contents of the initrd and what it does in the one system and does not do in the other one. Arno On Wed, May 29, 2013 at 08:56:30PM -0400, leam hall wrote: > So what I'm seeing is an error "No key available with this passphrase". > What makes this odd is that there are two boxes; one build with a file > system encrypted and the other adding it afterwards. Both have the same > ~/keyfile. The manually built system won't read the keyfile on boot and > drops the box into "fix your filesystem" mode. The "encrypted on install" > box works just fine.They are pretty much build from the same OS version, > though the bad one has more packages. > > Any ideas on how to trouble-shoot this? > > Thanks! > > Leam > > > On Wed, May 22, 2013 at 11:36 AM, leam hall wrote: > > > I have a support ticket with RH open now. So far I am not sure it is a > > bug. It may well just be my misunderstanding. If it does turn out to be a > > bug I will file it. > > > > Thanks! > > > > Leam > > > > > > On Wed, May 22, 2013 at 11:28 AM, Milan Broz wrote: > > > >> On 05/22/2013 04:33 PM, Arno Wagner wrote: > >> > A look into the man-page of cryptsetup shows that luksAddKey does > >> > not write the key-file, but reads it. I am surprised though that > >> > cryptsetup does not complain that the file is missing. With my > >> > system (cryptsetup 1.6.0) it does: > >> > > >> > # cryptsetup luksAddKey /dev/loop0 keyfile > >> > Enter any passphrase: > >> > Failed to open key file. <--- > >> > # > >> > >> RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is > >> impossible > >> to rebase there to a new version. > >> You can create a bug requesting to fix this issue in RH bugzilla though... > >> > >> Milan > >> _______________________________________________ > >> dm-crypt mailing list > >> dm-crypt@saout.de > >> http://www.saout.de/mailman/listinfo/dm-crypt > >> > > > > > > > > -- > > Mind on a Mission > > > > > > -- > Mind on a Mission > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult. --Tony Hoare From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h99wRIbd52-I for ; Fri, 31 May 2013 16:09:33 +0200 (CEST) Received: from mail-pd0-f180.google.com (mail-pd0-f180.google.com [209.85.192.180]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Fri, 31 May 2013 16:09:32 +0200 (CEST) Received: by mail-pd0-f180.google.com with SMTP id 14so2255042pdc.11 for ; Fri, 31 May 2013 07:09:31 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: References: <20130522143345.GB26551@tansi.org> <519CE41B.5030205@gmail.com> Date: Fri, 31 May 2013 10:09:30 -0400 Message-ID: From: leam hall Content-Type: multipart/alternative; boundary=001a11333020e02dae04de04296b Subject: Re: [dm-crypt] luksAddKey successful but not working List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de --001a11333020e02dae04de04296b Content-Type: text/plain; charset=UTF-8 I can build a new box without an encrypted volume, build the volume, and have the server ask for the password on boot. What is currently failing is reading the keyfile so that it doesn't ask for a password. What part of the program/process deals with that? Thanks! Leam On Wed, May 22, 2013 at 11:36 AM, leam hall wrote: > I have a support ticket with RH open now. So far I am not sure it is a > bug. It may well just be my misunderstanding. If it does turn out to be a > bug I will file it. > > Thanks! > > Leam > > > On Wed, May 22, 2013 at 11:28 AM, Milan Broz wrote: > >> On 05/22/2013 04:33 PM, Arno Wagner wrote: >> > A look into the man-page of cryptsetup shows that luksAddKey does >> > not write the key-file, but reads it. I am surprised though that >> > cryptsetup does not complain that the file is missing. With my >> > system (cryptsetup 1.6.0) it does: >> > >> > # cryptsetup luksAddKey /dev/loop0 keyfile >> > Enter any passphrase: >> > Failed to open key file. <--- >> > # >> >> RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is >> impossible >> to rebase there to a new version. >> You can create a bug requesting to fix this issue in RH bugzilla though... >> >> Milan >> _______________________________________________ >> dm-crypt mailing list >> dm-crypt@saout.de >> http://www.saout.de/mailman/listinfo/dm-crypt >> > > > > -- > Mind on a Mission > -- Mind on a Mission --001a11333020e02dae04de04296b Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

I can build a new box without an encrypted volume, build t= he volume, and have the server ask for the password on boot. What is curren= tly failing is reading the keyfile so that it doesn't ask for a passwor= d. What part of the program/process deals with that?

Thanks!

Leam

On Wed, May 22, 2013 at 11:36 AM, leam hall <leamha= ll@gmail.com> wrote:

I have a support ticke= t with RH open now. So far I am not sure it is a bug. It may well just be m= y misunderstanding. If it does turn out to be a bug I will file it.

Thanks!

Lea= m

On Wed, May 22, 2013 at 11:28 AM, Milan Broz &l= t;gmazyland@gmail.= com> wrote:

On 05/22/2013 04:33 PM, Arno Wagner wro= te:
> A look into the man-page of cryptsetup shows that luksAddKey does
> not write the key-file, but reads it. I am surprised though that
> cryptsetup does not complain that the file is missing. With my
> system (cryptsetup 1.6.0) it does:
>
> # cryptsetup luksAddKey /dev/loop0 keyfile
> Enter any passphrase:
> Failed to open key file. =C2=A0 =C2=A0<---
> #

RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is impo= ssible
to rebase there to a new version.
You can create a bug requesting to fix this issue in RH bugzilla though...<= br>
Milan

_______________________________________________
dm-crypt mailing list
dm-crypt@saout.de
http://www.saout.de/mailman/listinfo/dm-crypt

--
Mind on a Mission

Mind on a Mission

--001a11333020e02dae04de04296b-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sGjPkjpq3E-P for ; Fri, 31 May 2013 16:55:36 +0200 (CEST) Received: from mail-pb0-x234.google.com (mail-pb0-x234.google.com [IPv6:2607:f8b0:400e:c01::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Fri, 31 May 2013 16:55:36 +0200 (CEST) Received: by mail-pb0-f52.google.com with SMTP id xa12so2317545pbc.25 for ; Fri, 31 May 2013 07:55:34 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: References: <20130522143345.GB26551@tansi.org> <519CE41B.5030205@gmail.com>

Date: Fri, 31 May 2013 10:55:33 -0400 Message-ID: From: leam hall Content-Type: multipart/alternative; boundary=047d7b67618895ff0e04de04ce33 Subject: Re: [dm-crypt] luksAddKey successful but not working List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de --047d7b67618895ff0e04de04ce33 Content-Type: text/plain; charset=UTF-8 Okay, progress. And yeah, I dwaddled on reading the FAQ. :( I think this works, the volume mounts on boot. However, if I use isLuks on the /dev/mapper/ it is not. If I use it on the underlying partition (/dev/sdc1) it gives no response and "echo $?" gives a 0. So, am I correct in thinking that the volume is LUKS encrypted? How would you actually test that? I'm only at 2.8 on the FAQ. :) Leam On Fri, May 31, 2013 at 10:09 AM, leam hall wrote: > I can build a new box without an encrypted volume, build the volume, and > have the server ask for the password on boot. What is currently failing is > reading the keyfile so that it doesn't ask for a password. What part of the > program/process deals with that? > > Thanks! > > Leam > > > On Wed, May 22, 2013 at 11:36 AM, leam hall wrote: > >> I have a support ticket with RH open now. So far I am not sure it is a >> bug. It may well just be my misunderstanding. If it does turn out to be a >> bug I will file it. >> >> Thanks! >> >> Leam >> >> >> On Wed, May 22, 2013 at 11:28 AM, Milan Broz wrote: >> >>> On 05/22/2013 04:33 PM, Arno Wagner wrote: >>> > A look into the man-page of cryptsetup shows that luksAddKey does >>> > not write the key-file, but reads it. I am surprised though that >>> > cryptsetup does not complain that the file is missing. With my >>> > system (cryptsetup 1.6.0) it does: >>> > >>> > # cryptsetup luksAddKey /dev/loop0 keyfile >>> > Enter any passphrase: >>> > Failed to open key file. <--- >>> > # >>> >>> RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is >>> impossible >>> to rebase there to a new version. >>> You can create a bug requesting to fix this issue in RH bugzilla >>> though... >>> >>> Milan >>> _______________________________________________ >>> dm-crypt mailing list >>> dm-crypt@saout.de >>> http://www.saout.de/mailman/listinfo/dm-crypt >>> >> >> >> >> -- >> Mind on a Mission >> > > > > -- > Mind on a Mission > -- Mind on a Mission --047d7b67618895ff0e04de04ce33 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Okay, progress. And yeah, I dwaddled on rea= ding the FAQ.=C2=A0 :(

I think this works, the volume mounts o= n boot. However, if I use isLuks on the /dev/mapper/<volume> it is no= t. If I use it on the underlying partition=C2=A0 (/dev/sdc1) it gives no re= sponse and "echo $?" gives a 0.

So, am I correct in thinking that the volume is LUKS encrypted? H= ow would you actually test that? I'm only at 2.8 on the FAQ.=C2=A0 :)

Leam

On Fri, May 31, 2013 at 10:09 AM, leam hall <leamhall@gmail.com>= wrote:

I can build a new box without an encrypted volume, build t= he volume, and have the server ask for the password on boot. What is curren= tly failing is reading the keyfile so that it doesn't ask for a passwor= d. What part of the program/process deals with that?

Thanks!

Leam
<= /font>

On Wed, May 22, 2013 at 11:36= AM, leam hall <leamhall@gmail.com> wrote:

I have a support ticke= t with RH open now. So far I am not sure it is a bug. It may well just be m= y misunderstanding. If it does turn out to be a bug I will file it.

Thanks!

Leam

On = Wed, May 22, 2013 at 11:28 AM, Milan Broz <gmazyland@gmail.com> wrote:

On 05/22/2013 04:33 PM, Arno Wagner wro= te:
> A look into the man-page of cryptsetup shows that luksAddKey does
> not write the key-file, but reads it. I am surprised though that
> cryptsetup does not complain that the file is missing. With my
> system (cryptsetup 1.6.0) it does:
>
> # cryptsetup luksAddKey /dev/loop0 keyfile
> Enter any passphrase:
> Failed to open key file. =C2=A0 =C2=A0<---
> #

RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is impo= ssible
to rebase there to a new version.
You can create a bug requesting to fix this issue in RH bugzilla though...<= br>
Milan

_______________________________________________
dm-crypt mailing list
dm-crypt@saout.de
http://www.saout.de/mailman/listinfo/dm-crypt

-= -
Mind= on a Mission

--
Mind on a Mission

Mind on a Mission=

--047d7b67618895ff0e04de04ce33-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZOvuk4_qbWqP for ; Fri, 31 May 2013 17:53:46 +0200 (CEST) Received: from v6.tansi.org (unknown [87.118.116.4]) by mail.saout.de (Postfix) with ESMTP for ; Fri, 31 May 2013 17:53:45 +0200 (CEST) Received: from gatewagner.dyndns.org (84-72-142-22.dclient.hispeed.ch [84.72.142.22]) by v6.tansi.org (Postfix) with ESMTPA id A187820DC253 for ; Fri, 31 May 2013 17:53:44 +0200 (CEST) Date: Fri, 31 May 2013 17:53:44 +0200 From: Arno Wagner Message-ID: <20130531155344.GA26327@tansi.org> References: <20130522143345.GB26551@tansi.org> <519CE41B.5030205@gmail.com>

MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Subject: Re: [dm-crypt] luksAddKey successful but not working List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de Hi Leam, On Fri, May 31, 2013 at 10:55:33AM -0400, leam hall wrote: > Okay, progress. And yeah, I dwaddled on reading the FAQ. :( It is a bit complex by now. Maybe I will feel bored some day and make it a proper manual. > I think this works, the volume mounts on boot. However, if I use isLuks on > the /dev/mapper/ it is not. If I use it on the underlying > partition (/dev/sdc1) it gives no response and "echo $?" gives a 0. Add a '-v' to get a human-readable output from isLuks. But, yes, "0" is "success" as by normal Unix exit-code conventions. > So, am I correct in thinking that the volume is LUKS encrypted? How would > you actually test that? I'm only at 2.8 on the FAQ. :) Yes. Arno > Leam > > > > On Fri, May 31, 2013 at 10:09 AM, leam hall wrote: > > > I can build a new box without an encrypted volume, build the volume, and > > have the server ask for the password on boot. What is currently failing is > > reading the keyfile so that it doesn't ask for a password. What part of the > > program/process deals with that? > > > > Thanks! > > > > Leam > > > > > > On Wed, May 22, 2013 at 11:36 AM, leam hall wrote: > > > >> I have a support ticket with RH open now. So far I am not sure it is a > >> bug. It may well just be my misunderstanding. If it does turn out to be a > >> bug I will file it. > >> > >> Thanks! > >> > >> Leam > >> > >> > >> On Wed, May 22, 2013 at 11:28 AM, Milan Broz wrote: > >> > >>> On 05/22/2013 04:33 PM, Arno Wagner wrote: > >>> > A look into the man-page of cryptsetup shows that luksAddKey does > >>> > not write the key-file, but reads it. I am surprised though that > >>> > cryptsetup does not complain that the file is missing. With my > >>> > system (cryptsetup 1.6.0) it does: > >>> > > >>> > # cryptsetup luksAddKey /dev/loop0 keyfile > >>> > Enter any passphrase: > >>> > Failed to open key file. <--- > >>> > # > >>> > >>> RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is > >>> impossible > >>> to rebase there to a new version. > >>> You can create a bug requesting to fix this issue in RH bugzilla > >>> though... > >>> > >>> Milan > >>> _______________________________________________ > >>> dm-crypt mailing list > >>> dm-crypt@saout.de > >>> http://www.saout.de/mailman/listinfo/dm-crypt > >>> > >> > >> > >> > >> -- > >> Mind on a Mission > >> > > > > > > > > -- > > Mind on a Mission > > > > > > -- > Mind on a Mission > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult. --Tony Hoare From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tdQB-Qzl3swY for ; Thu, 6 Jun 2013 19:41:58 +0200 (CEST) Received: from mail-pa0-x235.google.com (mail-pa0-x235.google.com [IPv6:2607:f8b0:400e:c03::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Thu, 6 Jun 2013 19:41:57 +0200 (CEST) Received: by mail-pa0-f53.google.com with SMTP id tj12so124734pac.26 for ; Thu, 06 Jun 2013 10:41:54 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: References: <20130522143345.GB26551@tansi.org> <519CE41B.5030205@gmail.com> Date: Thu, 6 Jun 2013 13:41:54 -0400 Message-ID: From: leam hall Content-Type: multipart/alternative; boundary=bcaec5215b9380729604de7fd449 Subject: Re: [dm-crypt] luksAddKey successful but not working List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de --bcaec5215b9380729604de7fd449 Content-Type: text/plain; charset=UTF-8 This seems resolved with an updated version of the kernel. On Wed, May 22, 2013 at 11:36 AM, leam hall wrote: > I have a support ticket with RH open now. So far I am not sure it is a > bug. It may well just be my misunderstanding. If it does turn out to be a > bug I will file it. > > Thanks! > > Leam > > > On Wed, May 22, 2013 at 11:28 AM, Milan Broz wrote: > >> On 05/22/2013 04:33 PM, Arno Wagner wrote: >> > A look into the man-page of cryptsetup shows that luksAddKey does >> > not write the key-file, but reads it. I am surprised though that >> > cryptsetup does not complain that the file is missing. With my >> > system (cryptsetup 1.6.0) it does: >> > >> > # cryptsetup luksAddKey /dev/loop0 keyfile >> > Enter any passphrase: >> > Failed to open key file. <--- >> > # >> >> RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is >> impossible >> to rebase there to a new version. >> You can create a bug requesting to fix this issue in RH bugzilla though... >> >> Milan >> _______________________________________________ >> dm-crypt mailing list >> dm-crypt@saout.de >> http://www.saout.de/mailman/listinfo/dm-crypt >> > > > > -- > Mind on a Mission > -- Mind on a Mission --bcaec5215b9380729604de7fd449 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

This seems resolved with an updated version of the kernel.=

On= Wed, May 22, 2013 at 11:36 AM, leam hall <leamhall@gmail.com> wrote:

I have a support ticke= t with RH open now. So far I am not sure it is a bug. It may well just be m= y misunderstanding. If it does turn out to be a bug I will file it.

Thanks!

Lea= m

On Wed, May 22, 2013 at 11:28 AM, Milan Broz &l= t;gmazyland@gmail.= com> wrote:

On 05/22/2013 04:33 PM, Arno Wagner wro= te:
> A look into the man-page of cryptsetup shows that luksAddKey does
> not write the key-file, but reads it. I am surprised though that
> cryptsetup does not complain that the file is missing. With my
> system (cryptsetup 1.6.0) it does:
>
> # cryptsetup luksAddKey /dev/loop0 keyfile
> Enter any passphrase:
> Failed to open key file. =C2=A0 =C2=A0<---
> #

RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is impo= ssible
to rebase there to a new version.
You can create a bug requesting to fix this issue in RH bugzilla though...<= br>
Milan

_______________________________________________
dm-crypt mailing list
dm-crypt@saout.de
http://www.saout.de/mailman/listinfo/dm-crypt

--
Mind on a Mission

Mind on a Mission

--bcaec5215b9380729604de7fd449-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JTuvXPw203Nr for ; Wed, 26 Jun 2013 16:12:43 +0200 (CEST) Received: from mail-pb0-x22d.google.com (mail-pb0-x22d.google.com [IPv6:2607:f8b0:400e:c01::22d]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Wed, 26 Jun 2013 16:12:42 +0200 (CEST) Received: by mail-pb0-f45.google.com with SMTP id mc8so14249231pbc.18 for ; Wed, 26 Jun 2013 07:12:41 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: References: <20130522143345.GB26551@tansi.org> <519CE41B.5030205@gmail.com> Date: Wed, 26 Jun 2013 10:12:40 -0400 Message-ID: From: leam hall Content-Type: multipart/alternative; boundary=047d7b6764e6156edb04e00f3d3a Subject: Re: [dm-crypt] luksAddKey successful but not working List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de --047d7b6764e6156edb04e00f3d3a Content-Type: text/plain; charset=UTF-8 Turns out this was a bug implemented in RHEL 5.9. Servers built with older RHEL versions didn't have the issue. RH is working on a solution now. Leam On Wed, May 22, 2013 at 11:36 AM, leam hall wrote: > I have a support ticket with RH open now. So far I am not sure it is a > bug. It may well just be my misunderstanding. If it does turn out to be a > bug I will file it. > > Thanks! > > Leam > > > On Wed, May 22, 2013 at 11:28 AM, Milan Broz wrote: > >> On 05/22/2013 04:33 PM, Arno Wagner wrote: >> > A look into the man-page of cryptsetup shows that luksAddKey does >> > not write the key-file, but reads it. I am surprised though that >> > cryptsetup does not complain that the file is missing. With my >> > system (cryptsetup 1.6.0) it does: >> > >> > # cryptsetup luksAddKey /dev/loop0 keyfile >> > Enter any passphrase: >> > Failed to open key file. <--- >> > # >> >> RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is >> impossible >> to rebase there to a new version. >> You can create a bug requesting to fix this issue in RH bugzilla though... >> >> Milan >> _______________________________________________ >> dm-crypt mailing list >> dm-crypt@saout.de >> http://www.saout.de/mailman/listinfo/dm-crypt >> > > > > -- > Mind on a Mission > -- Mind on a Mission --047d7b6764e6156edb04e00f3d3a Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Turns out this was a bug implemented in RHEL 5.9. Ser= vers built with older RHEL versions didn't have the issue. RH is workin= g on a solution now.

Leam

On Wed, May 22, 2013 at 11:36 AM, leam hall = <leamhall@gmail.com> wrote:

I have a support ticket with RH open now. So far I am= not sure it is a bug. It may well just be my misunderstanding. If it does = turn out to be a bug I will file it.

Thanks!

Leam

On Wed, May 22, 2013 at 11:28 AM, Milan Broz &l= t;gmazyland@gmail.= com> wrote:

On 05/22/2013 04:33 PM, Arno Wagner wro= te:
> A look into the man-page of cryptsetup shows that luksAddKey does
> not write the key-file, but reads it. I am surprised though that
> cryptsetup does not complain that the file is missing. With my
> system (cryptsetup 1.6.0) it does:
>
> # cryptsetup luksAddKey /dev/loop0 keyfile
> Enter any passphrase:
> Failed to open key file. =C2=A0 =C2=A0<---
> #

RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is impo= ssible
to rebase there to a new version.
You can create a bug requesting to fix this issue in RH bugzilla though...<= br>
Milan

_______________________________________________
dm-crypt mailing list
dm-crypt@saout.de
http://www.saout.de/mailman/listinfo/dm-crypt

--
Mind on a Mission

Mind on a Mission

--047d7b6764e6156edb04e00f3d3a--