Adding a LUKS Device - Avoid repeating password?

I’ve recently installed nethserver, using LUKS for / and swap. I find my cryptab looks like:

luks-<uuid1> UUID=<uuid1> none 
luks-<uuid2> UUID=<uuid2> none

And fstab:

/dev/mapper/luks-<uuid2>    /           ext4    defaults,x-systemd.device-timeout=0 1 1
UUID=<uuid3>                /boot       ext4    defaults        1 2
/dev/mapper/luks-<uuid1>    swap        swap    defaults,x-systemd.device-timeout=0 0 0

What perplexes me about this is that on bootup, I am only asked for my password once. I’m wondering how that happens, as I would like to add another LUKS encrypted hard drive for backups from the machines on the LAN. With Debian, I had to use keyscript=decrypt_keyctl, but some other magic is solving the problem here.

1 Like

what do you think about it, @support_team ?

Hi diagon, I would like to try that. Can you tell me how you did it, maybe step by step?

I tested luks with ubuntu, debian… Lets see how Nethserver work with luks.

Edit: I think I found a nice HowTo for that: Install and Setup CentOS 7 to Remotely Unlock LVM on LUKS Disk Encryption Using SSH

That’s remote unlock, which is useful but not what I’m after. It sounds like you just want to use LUKS with Nethserver. That’s easy. You can set it up in the installer. Just do a manual partition of the hard drive.

Hi diagon, OK I will test it. Thanks…

This turned out to be quite easy, as systemd will now decrypt as many disks as it can with the first password it is given. So we just need to add another line like:

luks-<uuid3> UUID=<uuid3> none

If you fail to put in the right password on the first try, be aware that it will then ask for one password for each device.