Hello,
it has been a while, but I am now making a new attempt with squeeze (finally found some time again).
During the Debian installation I created 3 partitions:
1st: unencrypted BOOT partition
2nd: encrypted SWAP partition (key = randomly generated)
3rd: encrypted partition containing an LVM with root, home, ....
(key = passphrase; to be replaced by a key file)
Booting with a key file from a USB stick now works thanks to the earlier tips; however, several error messages are printed during boot that I would like to fix, and I am no longer sure at all whether all the entries are complete or over-complete, or whether some things could be solved more elegantly/better ....
For an overview:
/etc/initramfs-tools/modules:
Code:
# List of modules that you want to include in your initramfs.
# They will be loaded at boot time in the order below.
#
# Syntax: module_name [args ...]
#
# You must run update-initramfs(8) to effect this change.
#
# Examples:
#
# raid1
sd_mod
nls_cp437
nls_iso8859_1
aes-x86_64
dm-crypt
dm-mod
sha256
sd_mod
usb_storage
/boot/keyscript.sh
Code:
!/bin/sh
modprobe usb-storage 1>&2
sleep 5
[-d /usb ] || mkdir /usb 1>&2
mount -t ext2 /dev/disk/by-uuid/5d676fbe-bbc7-4b8d-8e3a-cd2bebbc0f6c /usb 1>&2
cat /usb/key
umount /usb 1>&2
/etc/crypttab
Code:
sda5_crypt /dev/sda5 /dev/urandom cipher=aes-cbc-essiv:sha256,size=256,swap
sda6_crypt UUID=166b2a66-557b-4e31-94de-bb08d5e1122e none luks,keyscript=/boot/keyscript.sh
/etc/default/cryptdisks
Code:
# Run cryptdisks initscripts at startup? Default is Yes.
CRYPTDISKS_ENABLE=Yes
# Mountpoints to mount, before cryptsetup is invoked at initscripts. Takes
# mountpoins which are configured in /etc/fstab as arguments. Separate
# mountpoints by space.
# This is useful for keyfiles on removable media. Default is unset.
CRYPTDISKS_MOUNT="/usb"
# Default check script. Takes effect, if the 'check' option is set in crypttab
# without a value.
CRYPTDISKS_CHECK=blkid
# Default precheck script. Takes effect, if the 'precheck' option is set in
# crypttab without a value.
# Default is 'un_blkid' for plain dm-crypt devices if unset here.
CRYPTDISKS_PRECHECK=
Error message during boot
Code:
Sun Feb 27 20:35:39 2011: Setting preliminary keymap...done.
Sun Feb 27 20:35:39 2011: Checking root file system...fsck from util-linux-ng 2.17.2
Sun Feb 27 20:35:39 2011: /dev/mapper/server_haupt-root: clean, 29562/29835264 files, 2109616/119336960 blocks
Sun Feb 27 20:35:39 2011: done.
Sun Feb 27 20:35:39 2011: Starting early crypto disks...mount: can't find /usb in /etc/fstab or /etc/mtab
Sun Feb 27 20:35:39 2011: sda5_crypt (starting)...
Sun Feb 27 20:35:40 2011: script /boot/keyscript.sh is not an executable script skipping ... ^[[33m(warning).^[[39;49m
Sun Feb 27 20:35:40 2011: ^[[31mfailed.^[[39;49m
Sun Feb 27 20:35:40 2011: done.
Sun Feb 27 20:35:40 2011: Cleaning up ifupdown....
Sun Feb 27 20:35:40 2011: Setting up networking....
Sun Feb 27 20:35:40 2011: Loading kernel modules...done.
Sun Feb 27 20:35:40 2011: Setting up LVM Volume Groups Reading all physical volumes. This may take a while...
Sun Feb 27 20:35:40 2011: Found volume group "server_haupt" using metadata type lvm2
Sun Feb 27 20:35:40 2011: 2 logical volume(s) in volume group "server_haupt" now active
Sun Feb 27 20:35:40 2011: .
Sun Feb 27 20:35:40 2011: Starting remaining crypto disks...mount: can't find /usb in /etc/fstab or /etc/mtab
Sun Feb 27 20:35:40 2011: script /boot/keyscript.sh is not an executable script skipping ... ^[[33m(warning).^[[39;49m
Sun Feb 27 20:35:40 2011: ^[[31mfailed.^[[39;49m
Sun Feb 27 20:35:40 2011: done.
Sun Feb 27 20:35:40 2011: Activating lvm and md swap...done.
Sun Feb 27 20:35:40 2011: Checking file systems...fsck from util-linux-ng 2.17.2
Sun Feb 27 20:35:40 2011: /dev/sda1: clean, 228/146016 files, 53282/291840 blocks
Sun Feb 27 20:35:40 2011: /dev/mapper/server_haupt-home: clean, 22/183264 files, 28981/732160 blocks
Sun Feb 27 20:35:40 2011: done.
Sun Feb 27 20:35:40 2011: Mounting local filesystems...done.
Sun Feb 27 20:35:41 2011: Activating swapfile swap...done.
Sun Feb 27 20:35:41 2011: Cleaning up temporary files....
Sun Feb 27 20:35:41 2011: Configuring network interfaces...done.
Sun Feb 27 20:35:41 2011: Starting portmap daemon....
Sun Feb 27 20:35:41 2011: Starting NFS common utilities: statd.
Sun Feb 27 20:35:41 2011: Cleaning up temporary files....
Sun Feb 27 20:35:41 2011: Setting console screen modes.
Sun Feb 27 20:35:41 2011: ^[]R^[[9;30]^[[14;30]Skipping font and keymap setup (handled by console-setup).
Sun Feb 27 20:35:41 2011: Setting up console font and keymap...done.
Sun Feb 27 20:35:42 2011: Setting kernel variables ...done.
Sun Feb 27 20:35:42 2011: INIT: Entering runlevel: 2
Sun Feb 27 20:35:42 2011: Using makefile-style concurrent boot in runlevel 2.
Sun Feb 27 20:35:42 2011: Starting NFS common utilities: statd.
Sun Feb 27 20:35:42 2011: Starting portmap daemon...Already running..
Sun Feb 27 20:35:42 2011: Starting enhanced syslogd: rsyslogd.
Sun Feb 27 20:35:43 2011: Starting ACPI services....
Sun Feb 27 20:35:43 2011: Exporting directories for NFS kernel daemon....
Sun Feb 27 20:35:43 2011: Starting NFS kernel daemon: nfsd mountd.
Sun Feb 27 20:35:43 2011: Starting deferred execution scheduler: atd.
Sun Feb 27 20:35:43 2011: Starting periodic command scheduler: cron.
Sun Feb 27 20:35:44 2011: Starting system message bus: dbus.
Sun Feb 27 20:35:44 2011: Starting Samba daemons: nmbd smbd.
Sun Feb 27 20:35:44 2011: Starting MTA: exim4.
Sun Feb 27 20:35:45 2011: Starting internet superserver: inetd.
Sun Feb 27 20:35:45 2011: Starting OpenBSD Secure Shell server: sshd.
Sun Feb 27 20:35:45 2011: Starting the Winbind daemon: winbind.
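The `keyscript=` option in the crypttab above and the "is not an executable script" warning in the boot log both concern how the key script gets run. The following check is an added example, not part of the original post: it parses a crypttab, picks out `keyscript=` entries and reports whether each script exists, has the executable bit, starts with `#!` and is not writable by group or others. The function names, status words and temporary sample files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post. The checks are assumptions about
# what a keyscript should satisfy, not a copy of cryptsetup's own logic.

# Print one status word for the keyscript at path $1.
keyscript_status() {
    ks=$1
    [ -f "$ks" ] || { echo missing; return 0; }
    [ -x "$ks" ] || { echo not-executable; return 0; }
    # Without "#!" as the first two bytes the kernel cannot exec the file.
    IFS= read -r first < "$ks" || true
    case $first in '#!'*) ;; *) echo no-shebang; return 0 ;; esac
    # The script hands out the disk key: no write bit for group or others.
    case $(ls -ldL "$ks" | cut -c1-10) in
        ?????w*|????????w*) echo writable-by-others; return 0 ;;
    esac
    echo ok
}

# Print "<target> <keyscript> <status>" for each entry that uses keyscript=.
check_crypttab() {
    while read -r target source keyfile options; do
        case $target in ''|'#'*) continue ;; esac
        script=
        old_ifs=$IFS; IFS=,            # options are comma-separated
        for opt in $options; do
            case $opt in keyscript=*) script=${opt#keyscript=} ;; esac
        done
        IFS=$old_ifs
        [ -n "$script" ] || continue
        echo "$target $script $(keyscript_status "$script")"
    done < "$1"
}

# Constructed sample: the post's two crypttab lines, keyscript path moved to $1.
make_sample() {
    printf '%s\n' \
      'sda5_crypt /dev/sda5 /dev/urandom cipher=aes-cbc-essiv:sha256,size=256,swap' \
      "sda6_crypt UUID=166b2a66-557b-4e31-94de-bb08d5e1122e none luks,keyscript=$1/keyscript.sh" \
      > "$1/crypttab"
    printf '!/bin/sh\ncat /usb/key\n' > "$1/keyscript.sh"       # first line as posted
    printf '#!/bin/sh\ncat /usb/key\n' > "$1/keyscript-fixed.sh"
    chmod 755 "$1/keyscript.sh" "$1/keyscript-fixed.sh"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
check_crypttab "$demo_dir/crypttab"
rm -rf "$demo_dir"
```

On a real system the call would be `check_crypttab /etc/crypttab`, run as root so that the script files are readable.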