2017-11-17

I am trying to configure my host remotely with a script. "No key available with this passphrase." luks bash

# used to encrypt the volume 
# $1 the ssh connect 
# $2 the partition 
# $3 the password 
# $4 the LUKSName 
encrypt(){ 
ssh $1 << EOF 
    sudo -s 
    # convert the partition to the LUKS format 
    echo "About to init luks on partition: cryptsetup luksFormat $2 with [YES, $3, $3]" 
    (
    echo YES 
    echo $3 
    echo $3 
) | cryptsetup -v luksFormat $2 
    sleep 3 
    echo "About to mount and format: cryptsetup luksOpen $2 $4 with [$3]" 
    (
    echo $3 
) | cryptsetup -v luksOpen $2 $4 
    # Create an EXT4 file system on the LUKS logical volume 
    mkfs.ext4 /dev/mapper/$4 
    # optional create the luks.key 
    echo $3 > /root/luks.key 
    echo "About to create the luksKey: cryptsetup luksAddKey $2 /root/luks.key with [$3]" 
    (
    echo $3 
) | cryptsetup luksAddKey $2 /root/luks.key 
    # enter the new volume in /etc/fstab 
    echo "/dev/mapper/$4 /$4 ext4 defaults 1 2" >> /etc/fstab 
    # create the mount point 
    mkdir /$4 
    #mount the luks volume 
    mount /$4 
EOF 
} 

So my log is correct for luksFormat, but the luksOpen command fails, although it works when I do it manually:

About to init luks on partition: cryptsetup luksFormat /dev/sdb1 with [YES, pwd, pwd] 
Command successful. 
About to mount and format: cryptsetup luksOpen /dev/sdb1 mongo_data with [pwd] 
No key available with this passphrase. 
Command failed with code 1: No key available with this passphrase. 

However, it fails on the luksOpen command when my function runs cryptsetup. Here is the debug trace:

# cryptsetup 1.6.6 processing "cryptsetup --debug luksOpen /dev/sdb1 mongo_data" 
# Running command open. 
# Locking memory. 
# Installing SIGINT/SIGTERM handler. 
# Unblocking interruption on signal. 
# Allocating crypt device /dev/sdb1 context. 
# Trying to open and read device /dev/sdb1. 
# Initialising device-mapper backend library. 
# Trying to load LUKS1 crypt type from device /dev/sdb1. 
# Crypto backend (gcrypt 1.6.5) initialized. 
# Detected kernel Linux 4.4.0-81-generic x86_64. 
# Reading LUKS header of size 1024 from device /dev/sdb1 
# Key length 32, device size 20969472 sectors, header size 2050 sectors. 
# Timeout set to 0 miliseconds. 
# Password retry count set to 3. 
# Password verification disabled. 
# Iteration time set to 1000 miliseconds. 
# Activating volume mongo_data [keyslot -1] using [none] passphrase. 
# dm version OF [16384] (*1) 
# dm versions OF [16384] (*1) 
# Detected dm-crypt version 1.14.1, dm-ioctl version 4.34.0. 
# Device-mapper backend running with UDEV support enabled. 
# dm status mongo_data OF [16384] (*1) 
# STDIN descriptor passphrase entry requested. 
# Trying to open key slot 0 [ACTIVE_LAST]. 
# Reading key slot 0 area. 
# Using userspace crypto wrapper to access keyslot area. 
# Trying to open key slot 1 [INACTIVE].mke2fs 1.42.13 (17-May-2015) 
# Trying to open key slot 2 [INACTIVE].The file /dev/mapper/mongo_data does not exist and no size was specified. 
# Trying to open key slot 3 [INACTIVE]. 
# Trying to open key slot 4 [INACTIVE]. 
# Trying to open key slot 5 [INACTIVE]. 
# Trying to open key slot 6 [INACTIVE]. 
# Trying to open key slot 7 [INACTIVE]. 
# STDIN descriptor passphrase entry requested. 
# Nothing read on input. 
# Releasing crypt device /dev/sdb1 context. 
# Releasing device-mapper backend. 
# Unlocking memory. 

It seems that "Nothing read on input" means it did not get my password... Maybe you have an idea?

Regards

Calling the tool non-interactively, like 'cryptsetup luks your device --key-file fileThatContainsYourPassword', would prevent a lot of problems. Pretending to be a human is hard. –

This is the best answer. Sorry it is in a comment. – Geoffrey

Answers

1

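The password of your encrypted container is YES... When standard input is not a terminal, cryptsetup luksFormat does not perform a dialogue; it just reads one line and uses it as the password.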
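
The non-interactive invocation suggested in the comment above, as an added example that is not part of the original thread. `luks_provision`, `write_keyfile` and the `CRYPTSETUP`/`MKFS` override variables are hypothetical names; `-q` (batch mode) and `--key-file` are standard cryptsetup options.

```shell
#!/usr/bin/env bash
# Added example: non-interactive LUKS provisioning, meant to run as root on the
# target host. Function names and the override variables are assumptions.
CRYPTSETUP=${CRYPTSETUP:-cryptsetup}   # overridable so the flow can be dry-run
MKFS=${MKFS:-mkfs.ext4}

# write_keyfile PATH PASSPHRASE
# Stores the passphrase in a file readable only by its owner. printf '%s' adds
# no trailing newline: a key file is used byte for byte, so a newline would
# become part of the key and the typed passphrase would no longer match.
write_keyfile() {
    local path="$1" pass="$2"
    ( umask 077; printf '%s' "$pass" > "$path" )
}

# luks_provision PARTITION MAPPER_NAME KEYFILE
luks_provision() {
    local dev="$1" name="$2" keyfile="$3"
    [ -r "$keyfile" ] || { echo "key file not readable: $keyfile" >&2; return 2; }

    # -q answers the "Are you sure? (Type uppercase yes)" question, so nothing
    # is piped to stdin and no stray line such as "YES" can become the key.
    "$CRYPTSETUP" -q --key-file "$keyfile" luksFormat "$dev" || return 1

    # The same key file unlocks the volume; stdin is never consulted.
    "$CRYPTSETUP" --key-file "$keyfile" luksOpen "$dev" "$name" || return 1

    # Create the file system on the opened mapping.
    "$MKFS" "/dev/mapper/$name" || return 1
}
```

On the target host this would be called as `write_keyfile /root/luks.key "$password"` followed by `luks_provision /dev/sdb1 mongo_data /root/luks.key`, using the device and mapping name from the question.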