I am trying to configure my host remotely with a script, but it fails at cryptsetup luksOpen with "No key available with this passphrase".
Here is my function:
# used to encrypt the volume
# $1 the ssh connect
# $2 the partition
# $3 the password
# $4 the LUKSName
encrypt(){
ssh $1 << EOF
sudo -s
# convert the partition to the LUKS format
echo "About to init luks on partition: cryptsetup luksFormat $2 with [YES, $3, $3]"
(
echo YES
echo $3
echo $3
) | cryptsetup -v luksFormat $2
sleep 3
echo "About to mount and format: cryptsetup luksOpen $2 $4 with [$3]"
(
echo $3
) | cryptsetup -v luksOpen $2 $4
# Create an EXT4 file system on the LUKS logical volume
mkfs.ext4 /dev/mapper/$4
# optional create the luks.key
echo $3 > /root/luks.key
echo "About to create the luksKey: cryptsetup luksAddKey $2 /root/luks.key with [$3]"
(
echo $3
) | cryptsetup luksAddKey $2 /root/luks.key
# enter the new volume in /etc/fstab
echo "/dev/mapper/$4 /$4 ext4 defaults 1 2" >> /etc/fstab
# create the mount point
mkdir /$4
#mount the luks volume
mount /$4
EOF
}
So my logs are correct for the luksFormat, but it fails with luksOpen:
About to init luks on partition: cryptsetup luksFormat /dev/sdb1 with [YES, pwd, pwd]
Command successful.
About to mount and format: cryptsetup luksOpen /dev/sdb1 mongo_data with [pwd]
No key available with this passphrase.
Command failed with code 1: No key available with this passphrase.
When I do it manually, it works.
Here are the debug traces:
# cryptsetup 1.6.6 processing "cryptsetup --debug luksOpen /dev/sdb1 mongo_data"
# Running command open.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating crypt device /dev/sdb1 context.
# Trying to open and read device /dev/sdb1.
# Initialising device-mapper backend library.
# Trying to load LUKS1 crypt type from device /dev/sdb1.
# Crypto backend (gcrypt 1.6.5) initialized.
# Detected kernel Linux 4.4.0-81-generic x86_64.
# Reading LUKS header of size 1024 from device /dev/sdb1
# Key length 32, device size 20969472 sectors, header size 2050 sectors.
# Timeout set to 0 miliseconds.
# Password retry count set to 3.
# Password verification disabled.
# Iteration time set to 1000 miliseconds.
# Activating volume mongo_data [keyslot -1] using [none] passphrase.
# dm version OF [16384] (*1)
# dm versions OF [16384] (*1)
# Detected dm-crypt version 1.14.1, dm-ioctl version 4.34.0.
# Device-mapper backend running with UDEV support enabled.
# dm status mongo_data OF [16384] (*1)
# STDIN descriptor passphrase entry requested.
# Trying to open key slot 0 [ACTIVE_LAST].
# Reading key slot 0 area.
# Using userspace crypto wrapper to access keyslot area.
# Trying to open key slot 1 [INACTIVE].mke2fs 1.42.13 (17-May-2015)
# Trying to open key slot 2 [INACTIVE].The file /dev/mapper/mongo_data does not exist and no size was specified.
# Trying to open key slot 3 [INACTIVE].
# Trying to open key slot 4 [INACTIVE].
# Trying to open key slot 5 [INACTIVE].
# Trying to open key slot 6 [INACTIVE].
# Trying to open key slot 7 [INACTIVE].
# STDIN descriptor passphrase entry requested.
# Nothing read on input.
# Releasing crypt device /dev/sdb1 context.
# Releasing device-mapper backend.
# Unlocking memory.
It seems that "Nothing read on input" means that it did not get my password ...
Do you perhaps have an idea?
Regards
Save yourself a lot of trouble by not calling the tools interactively, for example with cryptsetup luksFormat yourdevice --key-file fileThatContainsYourPassword. Pretending to be a human is hard.
This is the best answer. Sorry to have to say it in a comment – Geoffrey
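The non-interactive variant suggested in the comment above, written out as an added example (this is not the asker's script and not cryptsetup's own code). It assumes the remote account has passwordless sudo, the partition is unused, and /root/luks.key is just the key-file path this example picks; the base64 transport and the function names are this example's choices.

```bash
#!/usr/bin/env bash
# Added example: the same LUKS setup done with --key-file so that no cryptsetup
# call ever waits for a passphrase on stdin. Assumed: passwordless sudo on the
# remote host; /root/luks.key is a placeholder path chosen by this example.

# build_remote_script PARTITION LUKSNAME PASSPHRASE [KEYFILE]
# Prints the script that will run as root on the remote host. The passphrase
# travels base64-encoded (quoting cannot mangle it), lands in a mode-0600 key
# file, and every cryptsetup call reads that file with --key-file.
build_remote_script() {
  local part="$1" name="$2" pass="$3" keyfile="${4:-/root/luks.key}"
  local b64
  b64=$(printf '%s' "$pass" | base64 | tr -d '\n')
  cat <<EOS
set -eu
umask 077
# no trailing newline: with --key-file the whole file content is the key, so a
# stray newline would silently become part of the passphrase
printf '%s' '$b64' | base64 -d > "$keyfile"
# -q replaces the "Type uppercase yes" prompt that the piped YES tried to answer
cryptsetup -q luksFormat --key-file "$keyfile" "$part"
# same key file, so the slot written by luksFormat is the one that opens it;
# the original's luksAddKey step is no longer needed, the file already is a key
cryptsetup luksOpen --key-file "$keyfile" "$part" "$name"
mkfs.ext4 -q "/dev/mapper/$name"
mkdir -p "/$name"
grep -q "^/dev/mapper/$name " /etc/fstab ||
  echo "/dev/mapper/$name /$name ext4 defaults 1 2" >> /etc/fstab
mount "/$name"
EOS
}

# encrypt SSH_TARGET PARTITION LUKSNAME PASSPHRASE
# Feeds the generated script to "sudo bash -s" on the remote host. Only that
# bash reads stdin, so sudo -s, the here-document and the (echo ...) pipes of
# the original function no longer compete for the same input stream.
encrypt() {
  build_remote_script "$2" "$3" "$4" | ssh "$1" 'sudo bash -s'
}
```

Keep /root/luks.key (or regenerate it byte-for-byte) for later luksOpen calls: a key file is compared as-is, so a typed passphrase only matches if the file held exactly those bytes with no newline.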