LUKS /etc/crypttab only first line being read?

bchoi0000 Member Posts: 7
I'm running Scientific Linux 6.

I have 2 filesystems in /etc/crypttab.

lvol0 UUID=xxxxxxx none (or key-file)
lvol1 UUID=yyyyyy none (or key-file)

Good news is when both point to a key-file, both get decrypted, and then are mounted via /etc/fstab. I believe it really works because if I alter the key-file, the lvols don't open and the filesystems don't mount.

Bad news is when both lines have the "none" option to ask for a passphrase, only the first filesystem listed asks for the passphrase during bootup. I can switch the lines, so it's not filesystem dependent, just only the first listed asks for a passphrase. Both filesystems do get mounted, so I assume the second one listed also gets decrypted.

Anyone seeing this? :D

Comments

  • Forsaken_GA Member Posts: 4,024
    Do they both use the same passphrase? If so, I'm not terribly surprised it doesn't ask a second time - it already knows how to decrypt anything that requires that passphrase.

    Try encrypting the second filesystem using different credentials, I'm betting you will get the second prompt.
  • bchoi0000 Member Posts: 7
    You're right, that's exactly it. I didn't try it because I thought I read people were complaining that LUKS was asking for the password for all filesystems even if the password was the same.

    What is the reason for LUKS trying the first passphrase on the next filesystem?
  • Forsaken_GA Member Posts: 4,024
    bchoi0000 wrote: »
    You're right, that's exactly it. I didn't try it because I thought I read people were complaining that LUKS was asking for the password for all filesystems even if the password was the same.

    What is the reason for LUKS trying the first passphrase on the next filesystem?

    Well, LUKS does store your passphrase in memory after you enter it (there was a bug where it used to store the passphrase in plaintext, making it possible to recover from RAM, even after a cold boot). It makes sense to try the credentials you've already got cached first before you ask for a new one, in case they're the same.
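
As a companion to the thread, an added example (not code from any poster or from cryptsetup) that parses /etc/crypttab-style text, reports which entries will ask for a passphrase at boot and which rely on a key file, and checks key-file permissions. The sample contents, the function names and the /etc/keys path are constructed for illustration.

```python
import os
import stat

# Constructed sample in the shape the original post describes (UUIDs are placeholders).
SAMPLE_CRYPTTAB = """\
# name  device        key                  options
lvol0   UUID=xxxxxxx  none
lvol1   UUID=yyyyyy   /etc/keys/lvol1.key  luks

lvol2   /dev/sdb1
broken
"""

def parse_crypttab(text):
    """Return (entries, errors); errors are (line_number, message) tuples."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are ignored
        fields = line.split()
        if len(fields) < 2:
            errors.append((lineno, "need at least a name and a device"))
            continue
        key = fields[2] if len(fields) > 2 else "none"
        entries.append({
            "name": fields[0], "device": fields[1], "key": key,
            "options": fields[3].split(",") if len(fields) > 3 else [],
            # "none" (also "-" or a missing third field) means: prompt for a passphrase
            "prompts": key in ("none", "-"),
        })
    return entries, errors

def keyfile_problems(path):
    """Explain why a key file is unusable or too widely accessible; [] means no finding."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return ["cannot stat: %s" % exc.strerror]
    problems = []
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("accessible by group/other (mode %o)" % stat.S_IMODE(st.st_mode))
    if st.st_uid != 0:
        problems.append("not owned by root")
    return problems

if __name__ == "__main__":
    entries, errors = parse_crypttab(SAMPLE_CRYPTTAB)
    for e in entries:
        print(e["name"], "prompt" if e["prompts"] else keyfile_problems(e["key"]))
```

Entries reported as "prompt" are the ones the thread is about: each is a candidate for an interactive passphrase request during boot.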