I’ve recently installed nethserver, using LUKS for / and swap. I find my crypttab looks like:
luks-<uuid1> UUID=<uuid1> none
luks-<uuid2> UUID=<uuid2> none
/dev/mapper/luks-<uuid2> / ext4 defaults,x-systemd.device-timeout=0 1 1
UUID=<uuid3> /boot ext4 defaults 1 2
/dev/mapper/luks-<uuid1> swap swap defaults,x-systemd.device-timeout=0 0 0
What perplexes me about this is that on bootup, I am only asked for my password once. I’m wondering how that happens, as I would like to add another LUKS encrypted hard drive for backups from the machines on the LAN. With Debian, I had to use keyscript=decrypt_keyctl, but some other magic is solving the problem here.
What do you think about it, @support_team?
Hi diagon, I would like to try that. Can you tell me how you did it, maybe step by step?
I tested LUKS with Ubuntu, Debian… Let's see how Nethserver works with LUKS.
Edit: I think I found a nice HowTo for that: Install and Setup CentOS 7 to Remotely Unlock LVM on LUKS Disk Encryption Using SSH
That’s remote unlock, which is useful but not what I’m after. It sounds like you just want to use LUKS with Nethserver. That’s easy. You can set it up in the installer. Just do a manual partition of the hard drive.
Hi diagon, OK I will test it. Thanks…
This turned out to be quite easy, as systemd will now decrypt as many disks as it can with the first password it is given. So we just need to add another line like:
luks-<uuid3> UUID=<uuid3> none
If you fail to put in the right password on the first try, be aware that it will then ask for one password for each device.
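An added example, not part of any post in this thread: a small Python check that reads crypttab and fstab text and lists which volumes have no key file and are therefore unlocked from the passphrase typed at boot, plus any /dev/mapper mount that has no crypttab line. The sample UUIDs, the key file path and the /srv/backup mount are constructed placeholders.

```python
import re

# Constructed sample input modelled on the thread (UUIDs are placeholders).
CRYPTTAB = """\
# name     device     keyfile  options
luks-1111 UUID=1111 none
luks-2222 UUID=2222 none
luks-3333 UUID=3333 - nofail
luks-4444 UUID=4444 /root/backup.key
"""
FSTAB = """\
/dev/mapper/luks-2222 / ext4 defaults,x-systemd.device-timeout=0 1 1
UUID=9999 /boot ext4 defaults 1 2
/dev/mapper/luks-1111 swap swap defaults,x-systemd.device-timeout=0 0 0
/dev/mapper/luks-5555 /srv/backup ext4 defaults 0 2
"""

def rows(text):
    """Yield the whitespace-split fields of non-blank, non-comment lines."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.split()

def parse_crypttab(text):
    """Return {name: {device, keyfile, options}}; fields 3 and 4 are optional."""
    entries = {}
    for f in rows(text):
        if len(f) < 2:
            continue  # malformed line: a name without a device
        keyfile = f[2] if len(f) > 2 else "none"
        options = f[3].split(",") if len(f) > 3 else []
        entries[f[0]] = {"device": f[1], "keyfile": keyfile, "options": options}
    return entries

def prompted_at_boot(entries):
    """Volumes with no key file ('none' or '-') that are set up at boot.
    These only unlock from a single prompt if they accept the same passphrase."""
    return sorted(name for name, e in entries.items()
                  if e["keyfile"] in ("none", "-") and "noauto" not in e["options"])

def mapper_mounts_without_crypttab(entries, fstab_text):
    """fstab sources under /dev/mapper/ with no crypttab entry.
    LVM volumes also live under /dev/mapper, so treat this as a hint to review."""
    found = (re.fullmatch(r"/dev/mapper/(.+)", f[0]) for f in rows(fstab_text))
    return [m.group(1) for m in found if m and m.group(1) not in entries]

if __name__ == "__main__":
    entries = parse_crypttab(CRYPTTAB)
    print("passphrase prompt:", prompted_at_boot(entries))
    print("no crypttab line:", mapper_mounts_without_crypttab(entries, FSTAB))
```
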