Find the answer to your Linux question:
Page 1 of 2 1 2 LastLast
Results 1 to 10 of 11
Hi! I was trying to follow the tutorial on "Protecting Data with Encrypted Linux Partitions" by Kashyap. After I moved all my data temporarily and have started, I encountered this... ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux Engineer nujinini's Avatar
    Join Date
    Apr 2009
    Posts
    1,272

    Help:"Protecting Data w/ Encrypted Linux Partitions"


    Hi!

    I was trying to follow the tutorial on "Protecting Data with Encrypted Linux Partitions" by Kashyap.

    After I moved all my data temporarily and have started, I encountered this...

    Code:
    [jun@localhost ~]$ su -
    Password: 
    [root@localhost ~]# cryptsetup --verbose --verify-passphrase -c aes-cbc-plain luksFormat /dev/sda8
    
    WARNING!
    ========
    This will overwrite data on /dev/sda8 irrevocably.
    
    Are you sure? (Type uppercase yes): YES
    Command failed: Can not access device
    So I thought it was a problem in having the /dev/sda8 partition mounted so I executed this. Still got the same error. Can somebody please teach me what am I suppose to do please? Thanks!

    Code:
    [root@localhost ~]# mount /dev/sda8 /media/sda8
    [root@localhost ~]# cryptsetup --verbose --verify-passphrase -c aes-cbc-plain luksFormat /dev/sda8
    
    WARNING!
    ========
    This will overwrite data on /dev/sda8 irrevocably.
    
    Are you sure? (Type uppercase yes): YES
    Command failed: Can not access device
    [root@localhost ~]#
    nujinini
    Linux User #489667

  2. #2
    Super Moderator devils casper's Avatar
    Join Date
    Jun 2006
    Location
    Chandigarh, India
    Posts
    24,729
    Mount /dev/sda8 and execute df -h command. Does it list /dev/sda8 in the output?
    You are using Ubuntu. Right?
    It is amazing what you can accomplish if you do not care who gets the credit.
    New Users: Read This First

  3. #3
    Linux Engineer nujinini's Avatar
    Join Date
    Apr 2009
    Posts
    1,272
    Quote Originally Posted by devils casper View Post
    Mount /dev/sda8 and execute df -h command. Does it list /dev/sda8 in the output?
    You are using Ubuntu. Right?
    Hi!

    Code:
    [jun@localhost ~]$ df -h
    Filesystem            Size  Used Avail Use% Mounted on
    /dev/sda5              11G  9.1G  1.1G  90% /
    tmpfs                 1.5G  256K  1.5G   1% /dev/shm
    /dev/sda7              34G   28G  5.1G  85% /media/Mint 7
    /dev/sda3             106G   81G   26G  77% /media/Storage Bin (A)
    /dev/sda6              11G  3.5G  6.1G  37% /media/Ubuntu 9.10
    /dev/sda1              15G   14G  940M  94% /media/XP Windows :(
    /dev/sda8              51G  180M   48G   1% /media/Storage Bin (B)_
    [jun@localhost ~]$
    I was on my Fedora 10 when I tried to follow Kashyap's tutorial. I can do it in my Ubuntu 9.10 if it would make a difference. Or MInt 7.

    The above output is from my Fedora terminal which automatically mounts all partitions.
    nujinini
    Linux User #489667

  4. $spacer_open
    $spacer_close
  5. #4
    Super Moderator devils casper's Avatar
    Join Date
    Jun 2006
    Location
    Chandigarh, India
    Posts
    24,729
    It should work in all distros.
    Unmount partition using umount command and execute cryptsetup command again.

    Make sure to gain root privileges through su - instead of su.

    Code:
    su -
    umount /dev/sda8
    cryptsetup --verbose --verify-passphrase -c aes-cbc-plain luksFormat /dev/sda8
    It is amazing what you can accomplish if you do not care who gets the credit.
    New Users: Read This First

  6. #5
    Linux Engineer nujinini's Avatar
    Join Date
    Apr 2009
    Posts
    1,272
    Bingo!

    Code:
    [jun@localhost ~]$ su -
    Password: 
    [root@localhost ~]# umount /dev/sda8
    [root@localhost ~]# cryptsetup --verbose --verify-passphrase -c aes-cbc-plain luksFormat /dev/sda8
    
    WARNING!
    ========
    This will overwrite data on /dev/sda8 irrevocably.
    
    Are you sure? (Type uppercase yes): YES
    Enter LUKS passphrase: 
    Verify passphrase: 
    Command successful.
    [root@localhost ~]#
    Tutorial Output says.
    Code:
    # cryptsetup luksOpen /dev/sda2 sda2
    Enter LUKS passphrase:
    key slot 0 unlocked.
    Command successful.
    My output is different though:

    Code:
    [jun@localhost ~]$ su -
    Password: 
    [root@localhost ~]# # cryptsetup luksOpen /dev/sda8 sda8
    [root@localhost ~]#
    I wonder why



    Now to continue....
    nujinini
    Linux User #489667

  7. #6
    Linux Engineer nujinini's Avatar
    Join Date
    Apr 2009
    Posts
    1,272
    I think I'm getting warmer...

    Code:
    [jun@localhost ~]$ su -
    Password: 
    [root@localhost ~]# cryptsetup luksOpen /dev/sda8 /sda8
    Enter LUKS passphrase for /dev/sda8: 
    key slot 0 unlocked.
    Command failed: dm_task_set_name: Device /sda8 not found
    [root@localhost ~]#
    Got it!

    Code:
    [jun@localhost ~]$ su -
    Password: 
    [root@localhost ~]# cryptsetup luksOpen /dev/sda8 sda8
    Enter LUKS passphrase for /dev/sda8: 
    key slot 0 unlocked.
    Command successful.
    [root@localhost ~]#
    Code:
    [jun@localhost ~]$ ls -l /dev/mapper
    total 0
    crw-rw---- 1 root root  10, 63 2010-03-04 06:35 control
    brw-rw---- 1 root disk 253,  0 2010-03-03 23:14 sda8
    
    [root@localhost ~]# mkfs.ext3 /dev/mapper/sda8
    mke2fs 1.41.4 (27-Jan-2009)
    Filesystem label=
    OS type: Linux
    Block size=4096 (log=2)
    Fragment size=4096 (log=2)
    3366912 inodes, 13446268 blocks
    672313 blocks (5.00%) reserved for the super user
    First data block=0
    Maximum filesystem blocks=0
    411 block groups
    32768 blocks per group, 32768 fragments per group
    8192 inodes per group
    Superblock backups stored on blocks: 
    	32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
    	4096000, 7962624, 11239424
    
    Writing inode tables: done                            
    Creating journal (32768 blocks): done
    Writing superblocks and filesystem accounting information: done
    
    This filesystem will be automatically checked every 21 mounts or
    180 days, whichever comes first.  Use tune2fs -c or -i to override.
    [root@localhost ~]# 
    
    [jun@localhost ~]$ mkdir /home/jun/crypted
    
    [jun@localhost ~]$ su -
    Password: 
    
    [root@localhost ~]# mount /dev/mapper/sda1 /home/jun/crypted
    mount: you must specify the filesystem type
    [root@localhost ~]# df -H
    Filesystem             Size   Used  Avail Use% Mounted on
    /dev/sda5               12G   9.8G   1.2G  90% /
    tmpfs                  1.6G    78k   1.6G   1% /dev/shm
    /dev/sda7               37G    30G   5.6G  84% /media/Mint 7
    /dev/sda1               16G    14G   2.4G  86% /media/XP Windows :(
    /dev/sda6               11G   3.7G   6.6G  37% /media/Ubuntu 9.10
    /dev/sda3              113G    86G    28G  77% /media/Storage Bin (A)
    [root@localhost ~]#
    [jun@localhost ~]$ su -
    Password: 
    [root@localhost ~]# mount /dev/mapper/sda8 /home/jun/crypted
    [root@localhost ~]# df -H
    Filesystem             Size   Used  Avail Use% Mounted on
    /dev/sda5               12G   9.8G   1.2G  90% /
    tmpfs                  1.6G    78k   1.6G   1% /dev/shm
    /dev/sda7               37G    30G   5.6G  84% /media/Mint 7
    /dev/sda1               16G    14G   2.4G  86% /media/XP Windows :(
    /dev/sda6               11G   3.7G   6.6G  37% /media/Ubuntu 9.10
    /dev/sda3              113G    86G    28G  77% /media/Storage Bin (A)
    /dev/mapper/sda8        55G   189M    52G   1% /home/jun/crypted
    
    [root@localhost ~]# cd /home/jun/crypted
    [root@localhost crypted]# nano test
    [root@localhost crypted]# ls
    lost+found
    [root@localhost crypted]# 
    
    [jun@localhost ~]$ su -
    Password: 
    [root@localhost ~]# mount /home/jun/crypted /sda8
    mount: you must specify the filesystem type
    [root@localhost ~]# mount /dev/mapper/sda8 /home/jun/crypted
    mount: /dev/mapper/sda8 already mounted or /home/jun/crypted busy
    mount: according to mtab, /dev/mapper/sda8 is already mounted on /home/jun/crypted
    [root@localhost ~]# mount /home/jun/crypted sda8
    mount: you must specify the filesystem type
    [root@localhost ~]# mount /home/jun/crypted /media/sda8
    mount: you must specify the filesystem type
    
    [root@localhost ~]# mount /dev/mapper/sda8 /home/jun/crypted
    mount: /dev/mapper/sda8 already mounted or /home/jun/crypted busy
    mount: according to mtab, /dev/mapper/sda8 is already mounted on /home/jun/crypted
    [root@localhost ~]#
    Can you please help me on the last portion? Thanks!
    Last edited by nujinini; 03-03-2010 at 02:47 PM.
    nujinini
    Linux User #489667

  8. #7
    Linux User
    Join Date
    Dec 2009
    Posts
    264
    I've never done this myself ... but it doesn't seem logical to me to mount the device.

    As far as I know the en/decryption will be before the file-system ...
    So you need to check that the device isn't mounted.

    Just that way an encryption without any file-system dependencies gets possible ...
    But it may cost redundancy with the data integrity ...

    So both ways could be logical ...

    So I checked in the internet:
    cryptsetup - LinuxWiki.org - Linux Wiki und Freie Software
    Is in german ... but in the first part it's written that the file system shall be made on the new device created by cryptsetup.
    The device can be found in:
    /dev/mapper/$NAME

    so try following:
    Code:
    su
    
    umount /dev/sda8
    cryptsetup luksOpen /dev/sda8 sda8
    ...
    just saw you allready got that one ...

    so you are missing a filesystem.
    mkfs -t xfs /dev/mapper/sda1
    for example

  9. #8
    Linux User
    Join Date
    Dec 2009
    Posts
    264
    Just reeded your description again ...
    Damn you already have one ... I need to concentrate more ... may I shall dink some beer too increase it ...

    The only thing I can think about is that the file system is only mounted ro.
    However there should be a error msg when you try to exit nano or try to "touch test"

    You can only mount a device that isn't already mounted ... so you need to write a unmount /home/jun/crypted

  10. #9
    Linux Engineer nujinini's Avatar
    Join Date
    Apr 2009
    Posts
    1,272
    Quote Originally Posted by zombykillah View Post
    I need to concentrate more ... may I shall dink some beer too increase it ...

    hahaha!

    Thanks. Please help me analyse more
    nujinini
    Linux User #489667

  11. #10
    Linux User
    Join Date
    Dec 2009
    Posts
    264
    Hi ...
    I've just tried to do it on my server ... till folowing line showed up:
    Code:
    slavi:~# cryptsetup --cipher aes --key-file key.txt create sda6 /dev/sda6
    Aufruf fehlgeschlagen: Incompatible libdevmapper 1.02.27 (2008-06-25)(compat) and kernel driver
    Well I'll try it on the other machine ...

    Genial ...
    Code:
    SERVI:~# cryptsetup --cipher aes --key-file key.txt create crf1 /dev/sdf2
    Aufruf fehlgeschlagen: Incompatible libdevmapper 1.02.27 (2008-06-25)(compat) and kernel driver
    Well it seems I don't even come to the point you need help ...

    With the following command you can check all mounted devices with their options:
    Code:
    cat /etc/mtab
    Example:
    Code:
    SERVI:~# cat /etc/mtab
    /dev/sda1 / ext3 rw,errors=remount-ro 0 0
    tmpfs /lib/init/rw tmpfs rw,nosuid,mode=0755 0 0
    proc /proc proc rw,noexec,nosuid,nodev 0 0
    sysfs /sys sysfs rw,noexec,nosuid,nodev 0 0
    procbususb /proc/bus/usb usbfs rw 0 0
    udev /dev tmpfs rw,mode=0755 0 0
    tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
    devpts /dev/pts devpts rw,noexec,nosuid,gid=5,mode=620 0 0
    /dev/sdf1 /media/sdf1 ext2 rw 0 0
    You can see all options that were used during mount as rw read-write or ro read-only
    Hope that helps you ...

Page 1 of 2 1 2 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •