Kein Schlüssel mit dieser Passphrase verfügbar luks bash

Question

Ich versuche, meinen Host mit einem Skript remote zu konfigurieren. jedoch scheitern es, wenn dabei Cryptsetup luksOpen

hier ist meine Funktion:

# used to encrypt the volume 
# $1 the ssh connect 
# $2 the partition 
# $3 the password 
# $4 the LUKSName 
encrypt(){ 
ssh $1 << EOF 
    sudo -s 
    # convert the partition to the LUKS format 
    echo "About to init luks on partition: cryptsetup luksFormat $2 with [YES, $3, $3]" 
    (
    echo YES 
    echo $3 
    echo $3 
) | cryptsetup -v luksFormat $2 
    sleep 3 
    echo "About to mount and format: cryptsetup luksOpen $2 $4 with [$3]" 
    (
    echo $3 
) | cryptsetup -v luksOpen $2 $4 
    # Create an EXT4 file system on the LUKS logical volume 
    mkfs.ext4 /dev/mapper/$4 
    # optional create the luks.key 
    echo $3 > /root/luks.key 
    echo "About to create the luksKey: cryptsetup luksAddKey $2 /root/luks.key with [$3]" 
    (
    echo $3 
) | cryptsetup luksAddKey $2 /root/luks.key 
    # enter the new volume in /etc/fstab 
    echo "/dev/mapper/$4 /$4 ext4 defaults 1 2" >> /etc/fstab 
    # create the mount point 
    mkdir /$4 
    #mount the luks volume 
    mount /$4 
EOF 
} 

Also meine Protokolle für die luksFormat korrekt sind, aber mit luksOpen scheitern

About to init luks on partition: cryptsetup luksFormat /dev/sdb1 with [YES, pwd, pwd] 
Command successful. 
About to mount and format: cryptsetup luksOpen /dev/sdb1 mongo_data with [pwd] 
No key available with this passphrase. 
Command failed with code 1: No key available with this passphrase. 

Wenn ich es manuell es ist Arbeiten.

ist hier Debug-Spuren:

# cryptsetup 1.6.6 processing "cryptsetup --debug luksOpen /dev/sdb1 mongo_data" 
# Running command open. 
# Locking memory. 
# Installing SIGINT/SIGTERM handler. 
# Unblocking interruption on signal. 
# Allocating crypt device /dev/sdb1 context. 
# Trying to open and read device /dev/sdb1. 
# Initialising device-mapper backend library. 
# Trying to load LUKS1 crypt type from device /dev/sdb1. 
# Crypto backend (gcrypt 1.6.5) initialized. 
# Detected kernel Linux 4.4.0-81-generic x86_64. 
# Reading LUKS header of size 1024 from device /dev/sdb1 
# Key length 32, device size 20969472 sectors, header size 2050 sectors. 
# Timeout set to 0 miliseconds. 
# Password retry count set to 3. 
# Password verification disabled. 
# Iteration time set to 1000 miliseconds. 
# Activating volume mongo_data [keyslot -1] using [none] passphrase. 
# dm version OF [16384] (*1) 
# dm versions OF [16384] (*1) 
# Detected dm-crypt version 1.14.1, dm-ioctl version 4.34.0. 
# Device-mapper backend running with UDEV support enabled. 
# dm status mongo_data OF [16384] (*1) 
# STDIN descriptor passphrase entry requested. 
# Trying to open key slot 0 [ACTIVE_LAST]. 
# Reading key slot 0 area. 
# Using userspace crypto wrapper to access keyslot area. 
# Trying to open key slot 1 [INACTIVE].mke2fs 1.42.13 (17-May-2015) 
# Trying to open key slot 2 [INACTIVE].The file /dev/mapper/mongo_data does not exist and no size was specified. 
# Trying to open key slot 3 [INACTIVE]. 
# Trying to open key slot 4 [INACTIVE]. 
# Trying to open key slot 5 [INACTIVE]. 
# Trying to open key slot 6 [INACTIVE]. 
# Trying to open key slot 7 [INACTIVE]. 
# STDIN descriptor passphrase entry requested. 
# Nothing read on input. 
# Releasing crypt device /dev/sdb1 context. 
# Releasing device-mapper backend. 
# Unlocking memory. 

Es scheint, dass Nichts weiter lesen Eingang bedeutet, dass es nicht mein Passwort bekommen haben ...

Haben Sie vielleicht eine Idee?

Grüße

Answer 1

Das Passwort für Ihren verschlüsselten Container ist YES ... cryptsetup luksFormat nicht tragen, den Dialog, wenn die Standardeingabe kein Terminal ist; Es liest nur eine Zeile und verwendet diese als Passwort.