* [dm-crypt] luksAddKey successful but not working @ 2013-05-22 12:50 leam hall 2013-05-22 14:33 ` Arno Wagner 0 siblings, 1 reply; 13+ messages in thread From: leam hall @ 2013-05-22 12:50 UTC (permalink / raw) To: dm-crypt [-- Attachment #1: Type: text/plain, Size: 712 bytes --] Help! I've nearly broken my desk banging my head against this problem. I am using Red Hat 5.9 base install and trying to set the LUKS volume to come on-line on boot. The volume can be manually mounted. However, when I try to create the key file it becomes a 0 length file and does not work when the system boots. cryptsetup luksAddKey /dev/sda2 keyfile Enter any LUKS passphrase: Verify passphrase: key slot 0 unlocked. Command successful. ls -lart keyfile -rw------- 1 root root 0 May 22 08:42 keyfile cat /etc/crypttab luks /dev/sda2 /root/keyfile luks This is probably operator error but I'm not sure where to look. Any help appreciated! Leam -- Mind on a Mission <http://leamhall.blogspot.com/> [-- Attachment #2: Type: text/html, Size: 946 bytes --] ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [dm-crypt] luksAddKey successful but not working 2013-05-22 12:50 [dm-crypt] luksAddKey successful but not working leam hall @ 2013-05-22 14:33 ` Arno Wagner 2013-05-22 14:48 ` leam hall 2013-05-22 15:28 ` Milan Broz 0 siblings, 2 replies; 13+ messages in thread From: Arno Wagner @ 2013-05-22 14:33 UTC (permalink / raw) To: dm-crypt A look into the man-page of cryptsetup shows that luksAddKey does not write the key-file, but reads it. I am surprised though that cryptsetup does not complain that the file is missing. With my system (cryptsetup 1.6.0) it does: # cryptsetup luksAddKey /dev/loop0 keyfile Enter any passphrase: Failed to open key file. <--- # Have you created "keyfile" before? If so, you just added the empty passphrase to your device, something you probably do not want to do. Arno On Wed, May 22, 2013 at 08:50:22AM -0400, leam hall wrote: > Help! I've nearly broken my desk banging my head against this problem. I am > using Red Hat 5.9 base install and trying to set the LUKS volume to come > on-line on boot. > > The volume can be manually mounted. However, when I try to create the key > file it becomes a 0 length file and does not work when the system boots. > > cryptsetup luksAddKey /dev/sda2 keyfile > Enter any LUKS passphrase: > Verify passphrase: > key slot 0 unlocked. > Command successful. > > > ls -lart keyfile > -rw------- 1 root root 0 May 22 08:42 keyfile > > > cat /etc/crypttab > luks /dev/sda2 /root/keyfile luks > > > This is probably operator error but I'm not sure where to look. Any help > appreciated! > > Leam > > > > -- > Mind on a Mission <http://leamhall.blogspot.com/> > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult. --Tony Hoare ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [dm-crypt] luksAddKey successful but not working 2013-05-22 14:33 ` Arno Wagner @ 2013-05-22 14:48 ` leam hall 2013-05-22 15:00 ` Arno Wagner 2013-05-22 15:28 ` Milan Broz 1 sibling, 1 reply; 13+ messages in thread From: leam hall @ 2013-05-22 14:48 UTC (permalink / raw) To: dm-crypt [-- Attachment #1: Type: text/plain, Size: 2568 bytes --] Hey Arno, thanks! None of the instructions I found talked about manually editing the keyfile with the key. That's why I thought luksAddKey created the file. So far I'm not doing great with this. Either the /dev/sda partition isn't able to be mounted or /dev/mapper/luks isn't viewed as a LUKS partition. On Wed, May 22, 2013 at 10:33 AM, Arno Wagner <arno@wagner.name> wrote: > A look into the man-page of cryptsetup shows that luksAddKey does > not write the key-file, but reads it. I am surprised though that > cryptsetup does not complain that the file is missing. With my > system (cryptsetup 1.6.0) it does: > > # cryptsetup luksAddKey /dev/loop0 keyfile > Enter any passphrase: > Failed to open key file. <--- > # > > Have you created "keyfile" before? If so, you just added the empty > passphrase to your device, something you probably do not want to do. > > Arno > > On Wed, May 22, 2013 at 08:50:22AM -0400, leam hall wrote: > > Help! I've nearly broken my desk banging my head against this problem. I > am > > using Red Hat 5.9 base install and trying to set the LUKS volume to come > > on-line on boot. > > > > The volume can be manually mounted. However, when I try to create the key > > file it becomes a 0 length file and does not work when the system boots. > > > > cryptsetup luksAddKey /dev/sda2 keyfile > > Enter any LUKS passphrase: > > Verify passphrase: > > key slot 0 unlocked. > > Command successful. > > > > > > ls -lart keyfile > > -rw------- 1 root root 0 May 22 08:42 keyfile > > > > > > cat /etc/crypttab > > luks /dev/sda2 /root/keyfile luks > > > > > > This is probably operator error but I'm not sure where to look. Any help > > appreciated! > > > > Leam > > > > > > > > -- > > Mind on a Mission <http://leamhall.blogspot.com/> > > > _______________________________________________ > > dm-crypt mailing list > > dm-crypt@saout.de > > http://www.saout.de/mailman/listinfo/dm-crypt > > > -- > Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name > GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 > ---- > There are two ways of constructing a software design: One way is to make it > so simple that there are obviously no deficiencies, and the other way is to > make it so complicated that there are no obvious deficiencies. The first > method is far more difficult. --Tony Hoare > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt > -- Mind on a Mission <http://leamhall.blogspot.com/> [-- Attachment #2: Type: text/html, Size: 3728 bytes --] ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [dm-crypt] luksAddKey successful but not working 2013-05-22 14:48 ` leam hall @ 2013-05-22 15:00 ` Arno Wagner 0 siblings, 0 replies; 13+ messages in thread From: Arno Wagner @ 2013-05-22 15:00 UTC (permalink / raw) To: dm-crypt No Problem. I would suggest reading the FAQ http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions and the man-page. Takes a while, but afterwards you should understand how things work. Muy experience with "instructions" is that they fail as soon as something is not quite as expected and are absolutely no replacement for getting your own expertise. Arno On Wed, May 22, 2013 at 10:48:52AM -0400, leam hall wrote: > Hey Arno, thanks! None of the instructions I found talked about manually > editing the keyfile with the key. That's why I thought luksAddKey created > the file. > > So far I'm not doing great with this. Either the /dev/sda partition isn't > able to be mounted or /dev/mapper/luks isn't viewed as a LUKS partition. > > > > On Wed, May 22, 2013 at 10:33 AM, Arno Wagner <arno@wagner.name> wrote: > > > A look into the man-page of cryptsetup shows that luksAddKey does > > not write the key-file, but reads it. I am surprised though that > > cryptsetup does not complain that the file is missing. With my > > system (cryptsetup 1.6.0) it does: > > > > # cryptsetup luksAddKey /dev/loop0 keyfile > > Enter any passphrase: > > Failed to open key file. <--- > > # > > > > Have you created "keyfile" before? If so, you just added the empty > > passphrase to your device, something you probably do not want to do. > > > > Arno > > > > On Wed, May 22, 2013 at 08:50:22AM -0400, leam hall wrote: > > > Help! I've nearly broken my desk banging my head against this problem. I > > am > > > using Red Hat 5.9 base install and trying to set the LUKS volume to come > > > on-line on boot. > > > > > > The volume can be manually mounted. However, when I try to create the key > > > file it becomes a 0 length file and does not work when the system boots. > > > > > > cryptsetup luksAddKey /dev/sda2 keyfile > > > Enter any LUKS passphrase: > > > Verify passphrase: > > > key slot 0 unlocked. > > > Command successful. > > > > > > > > > ls -lart keyfile > > > -rw------- 1 root root 0 May 22 08:42 keyfile > > > > > > > > > cat /etc/crypttab > > > luks /dev/sda2 /root/keyfile luks > > > > > > > > > This is probably operator error but I'm not sure where to look. Any help > > > appreciated! > > > > > > Leam > > > > > > > > > > > > -- > > > Mind on a Mission <http://leamhall.blogspot.com/> > > > > > _______________________________________________ > > > dm-crypt mailing list > > > dm-crypt@saout.de > > > http://www.saout.de/mailman/listinfo/dm-crypt > > > > > > -- > > Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name > > GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 > > ---- > > There are two ways of constructing a software design: One way is to make it > > so simple that there are obviously no deficiencies, and the other way is to > > make it so complicated that there are no obvious deficiencies. The first > > method is far more difficult. --Tony Hoare > > _______________________________________________ > > dm-crypt mailing list > > dm-crypt@saout.de > > http://www.saout.de/mailman/listinfo/dm-crypt > > > > > > -- > Mind on a Mission <http://leamhall.blogspot.com/> > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult. --Tony Hoare ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [dm-crypt] luksAddKey successful but not working 2013-05-22 14:33 ` Arno Wagner 2013-05-22 14:48 ` leam hall @ 2013-05-22 15:28 ` Milan Broz 2013-05-22 15:36 ` leam hall 1 sibling, 1 reply; 13+ messages in thread From: Milan Broz @ 2013-05-22 15:28 UTC (permalink / raw) To: dm-crypt On 05/22/2013 04:33 PM, Arno Wagner wrote: > A look into the man-page of cryptsetup shows that luksAddKey does > not write the key-file, but reads it. I am surprised though that > cryptsetup does not complain that the file is missing. With my > system (cryptsetup 1.6.0) it does: > > # cryptsetup luksAddKey /dev/loop0 keyfile > Enter any passphrase: > Failed to open key file. <--- > # RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is impossible to rebase there to a new version. You can create a bug requesting to fix this issue in RH bugzilla though... Milan ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [dm-crypt] luksAddKey successful but not working 2013-05-22 15:28 ` Milan Broz @ 2013-05-22 15:36 ` leam hall 2013-05-30 0:56 ` leam hall ` (3 more replies) 0 siblings, 4 replies; 13+ messages in thread From: leam hall @ 2013-05-22 15:36 UTC (permalink / raw) To: dm-crypt [-- Attachment #1: Type: text/plain, Size: 1071 bytes --] I have a support ticket with RH open now. So far I am not sure it is a bug. It may well just be my misunderstanding. If it does turn out to be a bug I will file it. Thanks! Leam On Wed, May 22, 2013 at 11:28 AM, Milan Broz <gmazyland@gmail.com> wrote: > On 05/22/2013 04:33 PM, Arno Wagner wrote: > > A look into the man-page of cryptsetup shows that luksAddKey does > > not write the key-file, but reads it. I am surprised though that > > cryptsetup does not complain that the file is missing. With my > > system (cryptsetup 1.6.0) it does: > > > > # cryptsetup luksAddKey /dev/loop0 keyfile > > Enter any passphrase: > > Failed to open key file. <--- > > # > > RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is impossible > to rebase there to a new version. > You can create a bug requesting to fix this issue in RH bugzilla though... > > Milan > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt > -- Mind on a Mission <http://leamhall.blogspot.com/> [-- Attachment #2: Type: text/html, Size: 1793 bytes --] ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [dm-crypt] luksAddKey successful but not working 2013-05-22 15:36 ` leam hall @ 2013-05-30 0:56 ` leam hall 2013-05-30 1:10 ` Arno Wagner 2013-05-31 14:09 ` leam hall ` (2 subsequent siblings) 3 siblings, 1 reply; 13+ messages in thread From: leam hall @ 2013-05-30 0:56 UTC (permalink / raw) To: dm-crypt [-- Attachment #1: Type: text/plain, Size: 1781 bytes --] So what I'm seeing is an error "No key available with this passphrase". What makes this odd is that there are two boxes; one build with a file system encrypted and the other adding it afterwards. Both have the same ~/keyfile. The manually built system won't read the keyfile on boot and drops the box into "fix your filesystem" mode. The "encrypted on install" box works just fine.They are pretty much build from the same OS version, though the bad one has more packages. Any ideas on how to trouble-shoot this? Thanks! Leam On Wed, May 22, 2013 at 11:36 AM, leam hall <leamhall@gmail.com> wrote: > I have a support ticket with RH open now. So far I am not sure it is a > bug. It may well just be my misunderstanding. If it does turn out to be a > bug I will file it. > > Thanks! > > Leam > > > On Wed, May 22, 2013 at 11:28 AM, Milan Broz <gmazyland@gmail.com> wrote: > >> On 05/22/2013 04:33 PM, Arno Wagner wrote: >> > A look into the man-page of cryptsetup shows that luksAddKey does >> > not write the key-file, but reads it. I am surprised though that >> > cryptsetup does not complain that the file is missing. With my >> > system (cryptsetup 1.6.0) it does: >> > >> > # cryptsetup luksAddKey /dev/loop0 keyfile >> > Enter any passphrase: >> > Failed to open key file. <--- >> > # >> >> RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is >> impossible >> to rebase there to a new version. >> You can create a bug requesting to fix this issue in RH bugzilla though... >> >> Milan >> _______________________________________________ >> dm-crypt mailing list >> dm-crypt@saout.de >> http://www.saout.de/mailman/listinfo/dm-crypt >> > > > > -- > Mind on a Mission <http://leamhall.blogspot.com/> > -- Mind on a Mission <http://leamhall.blogspot.com/> [-- Attachment #2: Type: text/html, Size: 2999 bytes --] ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [dm-crypt] luksAddKey successful but not working 2013-05-30 0:56 ` leam hall @ 2013-05-30 1:10 ` Arno Wagner 0 siblings, 0 replies; 13+ messages in thread From: Arno Wagner @ 2013-05-30 1:10 UTC (permalink / raw) To: dm-crypt I suspect that something in the initrd or the configuration it uses is missing. Look at the boot messages for anything related, Then look at the contents of the initrd and what it does in the one system and does not do in the other one. Arno On Wed, May 29, 2013 at 08:56:30PM -0400, leam hall wrote: > So what I'm seeing is an error "No key available with this passphrase". > What makes this odd is that there are two boxes; one build with a file > system encrypted and the other adding it afterwards. Both have the same > ~/keyfile. The manually built system won't read the keyfile on boot and > drops the box into "fix your filesystem" mode. The "encrypted on install" > box works just fine.They are pretty much build from the same OS version, > though the bad one has more packages. > > Any ideas on how to trouble-shoot this? > > Thanks! > > Leam > > > On Wed, May 22, 2013 at 11:36 AM, leam hall <leamhall@gmail.com> wrote: > > > I have a support ticket with RH open now. So far I am not sure it is a > > bug. It may well just be my misunderstanding. If it does turn out to be a > > bug I will file it. > > > > Thanks! > > > > Leam > > > > > > On Wed, May 22, 2013 at 11:28 AM, Milan Broz <gmazyland@gmail.com> wrote: > > > >> On 05/22/2013 04:33 PM, Arno Wagner wrote: > >> > A look into the man-page of cryptsetup shows that luksAddKey does > >> > not write the key-file, but reads it. I am surprised though that > >> > cryptsetup does not complain that the file is missing. With my > >> > system (cryptsetup 1.6.0) it does: > >> > > >> > # cryptsetup luksAddKey /dev/loop0 keyfile > >> > Enter any passphrase: > >> > Failed to open key file. <--- > >> > # > >> > >> RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is > >> impossible > >> to rebase there to a new version. > >> You can create a bug requesting to fix this issue in RH bugzilla though... > >> > >> Milan > >> _______________________________________________ > >> dm-crypt mailing list > >> dm-crypt@saout.de > >> http://www.saout.de/mailman/listinfo/dm-crypt > >> > > > > > > > > -- > > Mind on a Mission <http://leamhall.blogspot.com/> > > > > > > -- > Mind on a Mission <http://leamhall.blogspot.com/> > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult. --Tony Hoare ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [dm-crypt] luksAddKey successful but not working 2013-05-22 15:36 ` leam hall 2013-05-30 0:56 ` leam hall @ 2013-05-31 14:09 ` leam hall 2013-05-31 14:55 ` leam hall 2013-06-06 17:41 ` leam hall 2013-06-26 14:12 ` leam hall 3 siblings, 1 reply; 13+ messages in thread From: leam hall @ 2013-05-31 14:09 UTC (permalink / raw) To: dm-crypt [-- Attachment #1: Type: text/plain, Size: 1524 bytes --] I can build a new box without an encrypted volume, build the volume, and have the server ask for the password on boot. What is currently failing is reading the keyfile so that it doesn't ask for a password. What part of the program/process deals with that? Thanks! Leam On Wed, May 22, 2013 at 11:36 AM, leam hall <leamhall@gmail.com> wrote: > I have a support ticket with RH open now. So far I am not sure it is a > bug. It may well just be my misunderstanding. If it does turn out to be a > bug I will file it. > > Thanks! > > Leam > > > On Wed, May 22, 2013 at 11:28 AM, Milan Broz <gmazyland@gmail.com> wrote: > >> On 05/22/2013 04:33 PM, Arno Wagner wrote: >> > A look into the man-page of cryptsetup shows that luksAddKey does >> > not write the key-file, but reads it. I am surprised though that >> > cryptsetup does not complain that the file is missing. With my >> > system (cryptsetup 1.6.0) it does: >> > >> > # cryptsetup luksAddKey /dev/loop0 keyfile >> > Enter any passphrase: >> > Failed to open key file. <--- >> > # >> >> RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is >> impossible >> to rebase there to a new version. >> You can create a bug requesting to fix this issue in RH bugzilla though... >> >> Milan >> _______________________________________________ >> dm-crypt mailing list >> dm-crypt@saout.de >> http://www.saout.de/mailman/listinfo/dm-crypt >> > > > > -- > Mind on a Mission <http://leamhall.blogspot.com/> > -- Mind on a Mission <http://leamhall.blogspot.com/> [-- Attachment #2: Type: text/html, Size: 2657 bytes --] ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [dm-crypt] luksAddKey successful but not working 2013-05-31 14:09 ` leam hall @ 2013-05-31 14:55 ` leam hall 2013-05-31 15:53 ` Arno Wagner 0 siblings, 1 reply; 13+ messages in thread From: leam hall @ 2013-05-31 14:55 UTC (permalink / raw) To: dm-crypt [-- Attachment #1: Type: text/plain, Size: 2136 bytes --] Okay, progress. And yeah, I dwaddled on reading the FAQ. :( I think this works, the volume mounts on boot. However, if I use isLuks on the /dev/mapper/<volume> it is not. If I use it on the underlying partition (/dev/sdc1) it gives no response and "echo $?" gives a 0. So, am I correct in thinking that the volume is LUKS encrypted? How would you actually test that? I'm only at 2.8 on the FAQ. :) Leam On Fri, May 31, 2013 at 10:09 AM, leam hall <leamhall@gmail.com> wrote: > I can build a new box without an encrypted volume, build the volume, and > have the server ask for the password on boot. What is currently failing is > reading the keyfile so that it doesn't ask for a password. What part of the > program/process deals with that? > > Thanks! > > Leam > > > On Wed, May 22, 2013 at 11:36 AM, leam hall <leamhall@gmail.com> wrote: > >> I have a support ticket with RH open now. So far I am not sure it is a >> bug. It may well just be my misunderstanding. If it does turn out to be a >> bug I will file it. >> >> Thanks! >> >> Leam >> >> >> On Wed, May 22, 2013 at 11:28 AM, Milan Broz <gmazyland@gmail.com> wrote: >> >>> On 05/22/2013 04:33 PM, Arno Wagner wrote: >>> > A look into the man-page of cryptsetup shows that luksAddKey does >>> > not write the key-file, but reads it. I am surprised though that >>> > cryptsetup does not complain that the file is missing. With my >>> > system (cryptsetup 1.6.0) it does: >>> > >>> > # cryptsetup luksAddKey /dev/loop0 keyfile >>> > Enter any passphrase: >>> > Failed to open key file. <--- >>> > # >>> >>> RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is >>> impossible >>> to rebase there to a new version. >>> You can create a bug requesting to fix this issue in RH bugzilla >>> though... >>> >>> Milan >>> _______________________________________________ >>> dm-crypt mailing list >>> dm-crypt@saout.de >>> http://www.saout.de/mailman/listinfo/dm-crypt >>> >> >> >> >> -- >> Mind on a Mission <http://leamhall.blogspot.com/> >> > > > > -- > Mind on a Mission <http://leamhall.blogspot.com/> > -- Mind on a Mission <http://leamhall.blogspot.com/> [-- Attachment #2: Type: text/html, Size: 3718 bytes --] ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [dm-crypt] luksAddKey successful but not working 2013-05-31 14:55 ` leam hall @ 2013-05-31 15:53 ` Arno Wagner 0 siblings, 0 replies; 13+ messages in thread From: Arno Wagner @ 2013-05-31 15:53 UTC (permalink / raw) To: dm-crypt Hi Leam, On Fri, May 31, 2013 at 10:55:33AM -0400, leam hall wrote: > Okay, progress. And yeah, I dwaddled on reading the FAQ. :( It is a bit complex by now. Maybe I will feel bored some day and make it a proper manual. > I think this works, the volume mounts on boot. However, if I use isLuks on > the /dev/mapper/<volume> it is not. If I use it on the underlying > partition (/dev/sdc1) it gives no response and "echo $?" gives a 0. Add a '-v' to get a human-readable output from isLuks. But, yes, "0" is "success" as by normal Unix exit-code conventions. > So, am I correct in thinking that the volume is LUKS encrypted? How would > you actually test that? I'm only at 2.8 on the FAQ. :) Yes. Arno > Leam > > > > On Fri, May 31, 2013 at 10:09 AM, leam hall <leamhall@gmail.com> wrote: > > > I can build a new box without an encrypted volume, build the volume, and > > have the server ask for the password on boot. What is currently failing is > > reading the keyfile so that it doesn't ask for a password. What part of the > > program/process deals with that? > > > > Thanks! > > > > Leam > > > > > > On Wed, May 22, 2013 at 11:36 AM, leam hall <leamhall@gmail.com> wrote: > > > >> I have a support ticket with RH open now. So far I am not sure it is a > >> bug. It may well just be my misunderstanding. If it does turn out to be a > >> bug I will file it. > >> > >> Thanks! > >> > >> Leam > >> > >> > >> On Wed, May 22, 2013 at 11:28 AM, Milan Broz <gmazyland@gmail.com> wrote: > >> > >>> On 05/22/2013 04:33 PM, Arno Wagner wrote: > >>> > A look into the man-page of cryptsetup shows that luksAddKey does > >>> > not write the key-file, but reads it. I am surprised though that > >>> > cryptsetup does not complain that the file is missing. With my > >>> > system (cryptsetup 1.6.0) it does: > >>> > > >>> > # cryptsetup luksAddKey /dev/loop0 keyfile > >>> > Enter any passphrase: > >>> > Failed to open key file. <--- > >>> > # > >>> > >>> RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is > >>> impossible > >>> to rebase there to a new version. > >>> You can create a bug requesting to fix this issue in RH bugzilla > >>> though... > >>> > >>> Milan > >>> _______________________________________________ > >>> dm-crypt mailing list > >>> dm-crypt@saout.de > >>> http://www.saout.de/mailman/listinfo/dm-crypt > >>> > >> > >> > >> > >> -- > >> Mind on a Mission <http://leamhall.blogspot.com/> > >> > > > > > > > > -- > > Mind on a Mission <http://leamhall.blogspot.com/> > > > > > > -- > Mind on a Mission <http://leamhall.blogspot.com/> > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult. --Tony Hoare ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [dm-crypt] luksAddKey successful but not working 2013-05-22 15:36 ` leam hall 2013-05-30 0:56 ` leam hall 2013-05-31 14:09 ` leam hall @ 2013-06-06 17:41 ` leam hall 2013-06-26 14:12 ` leam hall 3 siblings, 0 replies; 13+ messages in thread From: leam hall @ 2013-06-06 17:41 UTC (permalink / raw) To: dm-crypt [-- Attachment #1: Type: text/plain, Size: 1311 bytes --] This seems resolved with an updated version of the kernel. On Wed, May 22, 2013 at 11:36 AM, leam hall <leamhall@gmail.com> wrote: > I have a support ticket with RH open now. So far I am not sure it is a > bug. It may well just be my misunderstanding. If it does turn out to be a > bug I will file it. > > Thanks! > > Leam > > > On Wed, May 22, 2013 at 11:28 AM, Milan Broz <gmazyland@gmail.com> wrote: > >> On 05/22/2013 04:33 PM, Arno Wagner wrote: >> > A look into the man-page of cryptsetup shows that luksAddKey does >> > not write the key-file, but reads it. I am surprised though that >> > cryptsetup does not complain that the file is missing. With my >> > system (cryptsetup 1.6.0) it does: >> > >> > # cryptsetup luksAddKey /dev/loop0 keyfile >> > Enter any passphrase: >> > Failed to open key file. <--- >> > # >> >> RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is >> impossible >> to rebase there to a new version. >> You can create a bug requesting to fix this issue in RH bugzilla though... >> >> Milan >> _______________________________________________ >> dm-crypt mailing list >> dm-crypt@saout.de >> http://www.saout.de/mailman/listinfo/dm-crypt >> > > > > -- > Mind on a Mission <http://leamhall.blogspot.com/> > -- Mind on a Mission <http://leamhall.blogspot.com/> [-- Attachment #2: Type: text/html, Size: 2427 bytes --] ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [dm-crypt] luksAddKey successful but not working 2013-05-22 15:36 ` leam hall ` (2 preceding siblings ...) 2013-06-06 17:41 ` leam hall @ 2013-06-26 14:12 ` leam hall 3 siblings, 0 replies; 13+ messages in thread From: leam hall @ 2013-06-26 14:12 UTC (permalink / raw) To: dm-crypt [-- Attachment #1: Type: text/plain, Size: 1403 bytes --] Turns out this was a bug implemented in RHEL 5.9. Servers built with older RHEL versions didn't have the issue. RH is working on a solution now. Leam On Wed, May 22, 2013 at 11:36 AM, leam hall <leamhall@gmail.com> wrote: > I have a support ticket with RH open now. So far I am not sure it is a > bug. It may well just be my misunderstanding. If it does turn out to be a > bug I will file it. > > Thanks! > > Leam > > > On Wed, May 22, 2013 at 11:28 AM, Milan Broz <gmazyland@gmail.com> wrote: > >> On 05/22/2013 04:33 PM, Arno Wagner wrote: >> > A look into the man-page of cryptsetup shows that luksAddKey does >> > not write the key-file, but reads it. I am surprised though that >> > cryptsetup does not complain that the file is missing. With my >> > system (cryptsetup 1.6.0) it does: >> > >> > # cryptsetup luksAddKey /dev/loop0 keyfile >> > Enter any passphrase: >> > Failed to open key file. <--- >> > # >> >> RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is >> impossible >> to rebase there to a new version. >> You can create a bug requesting to fix this issue in RH bugzilla though... >> >> Milan >> _______________________________________________ >> dm-crypt mailing list >> dm-crypt@saout.de >> http://www.saout.de/mailman/listinfo/dm-crypt >> > > > > -- > Mind on a Mission <http://leamhall.blogspot.com/> > -- Mind on a Mission <http://leamhall.blogspot.com/> [-- Attachment #2: Type: text/html, Size: 2541 bytes --] ^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2013-06-26 14:12 UTC | newest] Thread overview: 13+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2013-05-22 12:50 [dm-crypt] luksAddKey successful but not working leam hall 2013-05-22 14:33 ` Arno Wagner 2013-05-22 14:48 ` leam hall 2013-05-22 15:00 ` Arno Wagner 2013-05-22 15:28 ` Milan Broz 2013-05-22 15:36 ` leam hall 2013-05-30 0:56 ` leam hall 2013-05-30 1:10 ` Arno Wagner 2013-05-31 14:09 ` leam hall 2013-05-31 14:55 ` leam hall 2013-05-31 15:53 ` Arno Wagner 2013-06-06 17:41 ` leam hall 2013-06-26 14:12 ` leam hall
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.