[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to attach a fully encrypted drive to Stretch



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, Jun 26, 2017 at 08:17:33PM +0000, commentsabout@riseup.net wrote:
> Hello,
> 
> On 2017-06-26 19:36, Eduardo M KALINOWSKI wrote:
> > On 26-06-2017 16:28, commentsabout@riseup.net wrote:
> >> I have an adapter to connect my older Jessie (fully encrypted) SATA HDD
> >> to a USB port. Simply plugin the older disk/adapter into the freshly
> >> installed Stretch doesn't seem to work (I'm not being prompted for a
> >> passphrase).
> >>
> >> What is the proper way to access the data on that drive when connected
> >> to the host system via a USB adapter ?
> >>
> >> I found an answer on
> >> <https://unix.stackexchange.com/questions/186375/mount-encrypted-volume-in-debian>
> >> but do not know if it is valid and am not keen on running undocumented
> >> commands/commands that I do not understand.
> > 
> > Assuming the disk is a LUKS encrypted volume (the default since who
> > knows when), the command is exactly the one in your link.
> 
> Thank you for your answer.
> 
> There are actually several answers on the Stack Exchange thread, which
> one is the right one ?
> 
> This one ?
> 
> > cryptsetup luksOpen /dev/sdb1 disk2
> > modprobe dm-mod
> > vgchange -ay
> > mount /dev/disk2/disk2 /disk2

Which one you mount depends, of course, on where device mapper has
put the device file. With the cryptsetup above, on my box, the device
file would appear in /dev/mapper/disk2, for example.

In most cases, the vgchange happens automagically[1]. For my encrypted
backups, I do, for example

  # NOTE change /dev/sdb by whatever device the stick/external drive
  #      "appears" as:
  sudo cryptsetup luksOpen /dev/sdb backup
  sudo mount /dev/mapper/backup /media/backup
  rsync ... /home /media/backup/myself/home
  sync
  sudo umount /media/backup
  sudo cryptsetup luksClose backup

(of course, the rsync ... is actually a script and a tad more complicated,
but you get the idea).

NOTE: I have there /dev/sdb -- this is an unpartitioned disk with one big
LUKS volume on it. This is a bit unconventional; in your case you might
have one partition (e.g. /dev/sdb1).

Cheers

[1] I must admit that I don't know *who* is actually doing that for
    me :-)
- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAllSDpIACgkQBcgs9XrR2kZbSQCcD+sAL8lt98Cc8wQgd9uileD/
segAoII4E1V4XoA6RSIQ0EEHIn9UYtsz
=aGaA
-----END PGP SIGNATURE-----


Reply to: