Re: How to attach a fully encrypted drive to Stretch

To: debian-user@lists.debian.org
Subject: Re: How to attach a fully encrypted drive to Stretch
From: <tomas@tuxteam.de>
Date: Tue, 27 Jun 2017 09:51:46 +0200
Message-id: <[🔎] 20170627075146.GA30260@tuxteam.de>
In-reply-to: <[🔎] 81c3de56195b65c8137584e7cf8d9ae7@riseup.net>
References: <[🔎] ca55c30028ea39bfea10783f02d44346@riseup.net> <[🔎] 41aec535-1341-9a44-6825-ce2ca7b4e6fa@kalinowski.com.br> <[🔎] 81c3de56195b65c8137584e7cf8d9ae7@riseup.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, Jun 26, 2017 at 08:17:33PM +0000, commentsabout@riseup.net wrote:
> Hello,
> 
> On 2017-06-26 19:36, Eduardo M KALINOWSKI wrote:
> > On 26-06-2017 16:28, commentsabout@riseup.net wrote:
> >> I have an adapter to connect my older Jessie (fully encrypted) SATA HDD
> >> to a USB port. Simply plugin the older disk/adapter into the freshly
> >> installed Stretch doesn't seem to work (I'm not being prompted for a
> >> passphrase).
> >>
> >> What is the proper way to access the data on that drive when connected
> >> to the host system via a USB adapter ?
> >>
> >> I found an answer on
> >> <https://unix.stackexchange.com/questions/186375/mount-encrypted-volume-in-debian>
> >> but do not know if it is valid and am not keen on running undocumented
> >> commands/commands that I do not understand.
> > 
> > Assuming the disk is a LUKS encrypted volume (the default since who
> > knows when), the command is exactly the one in your link.
> 
> Thank you for your answer.
> 
> There are actually several answers on the Stack Exchange thread, which
> one is the right one ?
> 
> This one ?
> 
> > cryptsetup luksOpen /dev/sdb1 disk2
> > modprobe dm-mod
> > vgchange -ay
> > mount /dev/disk2/disk2 /disk2

Which one you mount depends, of course, on where device mapper has
put the device file. With the cryptsetup above, on my box, the device
file would appear in /dev/mapper/disk2, for example.

In most cases, the vgchange happens automagically[1]. For my encrypted
backups, I do, for example

  # NOTE change /dev/sdb by whatever device the stick/external drive
  #      "appears" as:
  sudo cryptsetup luksOpen /dev/sdb backup
  sudo mount /dev/mapper/backup /media/backup
  rsync ... /home /media/backup/myself/home
  sync
  sudo umount /media/backup
  sudo cryptsetup luksClose backup

(of course, the rsync ... is actually a script and a tad more complicated,
but you get the idea).

NOTE: I have there /dev/sdb -- this is an unpartitioned disk with one big
LUKS volume on it. This is a bit unconventional; in your case you might
have one partition (e.g. /dev/sdb1).

Cheers

[1] I must admit that I don't know *who* is actually doing that for
    me :-)
- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAllSDpIACgkQBcgs9XrR2kZbSQCcD+sAL8lt98Cc8wQgd9uileD/
segAoII4E1V4XoA6RSIQ0EEHIn9UYtsz
=aGaA
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: How to attach a fully encrypted drive to Stretch
  - From: Hans <hans.ullrich@loop.de>

References:
- How to attach a fully encrypted drive to Stretch
  - From: commentsabout@riseup.net
- Re: How to attach a fully encrypted drive to Stretch
  - From: Eduardo M KALINOWSKI <eduardo@kalinowski.com.br>
- Re: How to attach a fully encrypted drive to Stretch
  - From: commentsabout@riseup.net

Prev by Date: Re: How did you update to stretch?
Next by Date: Re: How did you update to stretch?
Previous by thread: Re: How to attach a fully encrypted drive to Stretch
Next by thread: Re: How to attach a fully encrypted drive to Stretch
Index(es):
- Date
- Thread