I have a server running Ubuntu 18 and we added the standard LUKS encryption during install. It was fine for a while, but it's become a problem that we can't restart it remotely.

I'd like to add a keyfile for the root partition but I am not sure if this would work. The boot partition is still unencrypted so we can put it there.

As I said, we have encrypted the root partition / so is it even possible to read /etc/crypttab before unlocking?

Also, I really don't want to brick the server. Is there any way to use both a keyfile and a passphrase?

Regards,

tobben
  • Grub cannot read /boot encrypted so it must be on a plaintext partition. You can put your key file there. – Peleion May 15 '20 at 12:22
  • Actually /boot isn't encrypted so it should be ok to put the keyfile there, but /etc/crontab is, so I am not sure how it will know where to look – Tobias May 15 '20 at 14:54
  • That's what I was indicating - /boot is _not_ encrypted so that is where the keyfile can be placed. Unclear grammar I guess – Peleion May 15 '20 at 15:30
  • But /etc/crypttab is still encrypted, so how will it know where to look? Also, is there any safe way of doing this which lets you try both keyfile and passphrase? – Tobias May 16 '20 at 07:08

0 Answers