Tag: Encryption

Mounting an encrypted drive

he drive I am using here is a USB drive that has been mounted and encrypted on my laptop running RHEL6 (Red Hat Enterprise Linux 6). I want to mount on a server also running RHEL6.

I run dmesg and I can see that the server recognises it as /dev/sdb:

dmesg
etc...
USB Mass Storage support registered.
usb-storage: device scan complete
scsi 2:0:0:0: Direct-Access     Maxtor 6 Y120M0                PQ: 0 ANSI: 2 CCS
scsi 2:0:0:1: Direct-Access     WDC WD50 00AAKS-00YGA0         PQ: 0 ANSI: 2 CCS
scsi 2:0:0:0: Attached scsi generic sg1 type 0
scsi 2:0:0:1: Attached scsi generic sg2 type 0
sd 2:0:0:0: [sda] 240121728 512-byte logical blocks: (122 GB/114 GiB)
sd 2:0:0:1: [sdb] 976773168 512-byte logical blocks: (500 GB/465 GiB)

etc….

 

The operating system needs a device to talk to the under-lying encryption, to create this device on the new server we can use the cryptsetup utility. I am going to call the disk device d500.

 

cryptsetup luksOpen /dev/sdb1 d500

 

We can now look for the new device:

ls /dev/mapper/
control  d500  vg_lump-lv_root  vg_lump-lv_swap

 

Before we mount the disk we need a directory to mount it to.

mkdir /mnt/d500

 

Then mount the disk:

mount /dev/mapper/d500 /mnt/d500

 

We can also see the disk is now mounted:

df -h
/dev/mapper/d500      459G  198M  435G   1% /mnt/d500

 

If we want the disk to automatically mount upon boot we need to create an entry in /etc/fstab

If you need this to survive a reboot then an entry needs to be entered in /etc/crypttab so that the dev/mapper device is created at every reboot.

The fields are:

Name (that will be created under /dev/mapper/[name])   Device (often identified by UUID) and options (such as password to decrypt)

You can get the UUID by running the command

blkid

This will give you by default the UUIDs of all devices on the system.

You can then edit

/etc/crypttab

then add something like:

d500    UUID=2e23233fc-2323-49ba-a239-2872642-fd733219 none

Then when the system boots it will ask for the relevant password.


Encrypted Drive

Add an encrypted drive to RHEL

The drive I am using here is a USB drive that has been mounted and encrypted on my laptop running RHEL6 (Red Hat Enterprise Linux 6). I want to mount on a server also running RHEL6.

I run dmesg and I can see that the server recognises it as /dev/sdb:

dmesg

etc…

USB Mass Storage support registered.
usb-storage: device scan complete
scsi 2:0:0:0: Direct-Access     Maxtor 6 Y120M0                PQ: 0 ANSI: 2 CCS
scsi 2:0:0:1: Direct-Access     WDC WD50 00AAKS-00YGA0         PQ: 0 ANSI: 2 CCS
scsi 2:0:0:0: Attached scsi generic sg1 type 0
scsi 2:0:0:1: Attached scsi generic sg2 type 0
sd 2:0:0:0: [sda] 240121728 512-byte logical blocks: (122 GB/114 GiB)
sd 2:0:0:1: [sdb] 976773168 512-byte logical blocks: (500 GB/465 GiB)

etc….

The operating system needs a device to talk to the under-lying encryption, to create this device on the new server we can use the cryptsetup utility. I am going to call the disk device d500.

cryptsetup luksOpen /dev/sdb1 d500

We can now look for the new device:

ls /dev/mapper/
control  d500  vg_lump-lv_root  vg_lump-lv_swap

Before we mount the disk we need a directory to mount it to.

mkdir /mnt/d500

Then mount the disk:

mount /dev/mapper/d500 /mnt/d500

We can also see the disk is now mounted:

df -h
/dev/mapper/d500      459G  198M  435G   1% /mnt/d500

If we want the disk to automatically mount upon boot we need to create an entry in /etc/fstab

Comments Off on Encrypted Drive more...

Add a disk

Add a disk to RHEL virt

Add the directories, set the contexts and then restore the contexts.

Working on disk that mounts to /mnt/d500

Create the directories I want to use:

mkdir -p /mnt/d500/libvirt/images

Set the context for the libvirt directory:

semanage fcontext -a -t virt_var_lib_t "/mnt/d500/libvirt"

Set the context for the images directory:

semanage fcontext -a -t virt_image_t "/mnt/d500/libvirt(/.*)?"

Then write the contexts:

restorecon -R /mnt/d500/

Then check the contexts:

ls -lZd /mnt/d500/libvirt/images/

 


Copyright © 1996-2013 Xander Harkness. All rights reserved.
iDream theme by Templates Next | Powered by WordPress
loading