No key available with this passphrase luks bash
I am trying to configure my host remotely using a script.
But it fails when executing cryptsetup luksOpen.
Here is my function:
# used to encrypt the volume
# $1 the ssh connect
# $2 the partition
# $3 the password
# $4 the LUKSName
encrypt(){
ssh $1 << EOF
sudo -s
# convert the partition to the LUKS format
echo "About to init luks on partition: cryptsetup luksFormat $2 with [YES, $3, $3]"
(
echo YES
echo $3
echo $3
) | cryptsetup -v luksFormat $2
sleep 3
echo "About to mount and format: cryptsetup luksOpen $2 $4 with [$3]"
(
echo $3
) | cryptsetup -v luksOpen $2 $4
# Create an EXT4 file system on the LUKS logical volume
mkfs.ext4 /dev/mapper/$4
# optional create the luks.key
echo $3 > /root/luks.key
echo "About to create the luksKey: cryptsetup luksAddKey $2 /root/luks.key with [$3]"
(
echo $3
) | cryptsetup luksAddKey $2 /root/luks.key
# enter the new volume in /etc/fstab
echo "/dev/mapper/$4 /$4 ext4 defaults 1 2" >> /etc/fstab
# create the mount point
mkdir /$4
# mount the luks volume
mount /$4
EOF
}
So my log is correct for luksFormat, but it fails at luksOpen:
About to init luks on partition: cryptsetup luksFormat /dev/sdb1 with [YES, pwd, pwd]
Command successful.
About to mount and format: cryptsetup luksOpen /dev/sdb1 mongo_data with [pwd]
No key available with this passphrase.
Command failed with code 1: No key available with this passphrase.
When I run it manually, it works.
Here is the debug trace:
# cryptsetup 1.6.6 processing "cryptsetup --debug luksOpen /dev/sdb1 mongo_data"
# Running command open.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating crypt device /dev/sdb1 context.
# Trying to open and read device /dev/sdb1.
# Initialising device-mapper backend library.
# Trying to load LUKS1 crypt type from device /dev/sdb1.
# Crypto backend (gcrypt 1.6.5) initialized.
# Detected kernel Linux 4.4.0-81-generic x86_64.
# Reading LUKS header of size 1024 from device /dev/sdb1
# Key length 32, device size 20969472 sectors, header size 2050 sectors.
# Timeout set to 0 miliseconds.
# Password retry count set to 3.
# Password verification disabled.
# Iteration time set to 1000 miliseconds.
# Activating volume mongo_data [keyslot -1] using [none] passphrase.
# dm version OF [16384] (*1)
# dm versions OF [16384] (*1)
# Detected dm-crypt version 1.14.1, dm-ioctl version 4.34.0.
# Device-mapper backend running with UDEV support enabled.
# dm status mongo_data OF [16384] (*1)
# STDIN descriptor passphrase entry requested.
# Trying to open key slot 0 [ACTIVE_LAST].
# Reading key slot 0 area.
# Using userspace crypto wrapper to access keyslot area.
# Trying to open key slot 1 [INACTIVE].mke2fs 1.42.13 (17-May-2015)
# Trying to open key slot 2 [INACTIVE].The file /dev/mapper/mongo_data does not exist and no size was specified.
# Trying to open key slot 3 [INACTIVE].
# Trying to open key slot 4 [INACTIVE].
# Trying to open key slot 5 [INACTIVE].
# Trying to open key slot 6 [INACTIVE].
# Trying to open key slot 7 [INACTIVE].
# STDIN descriptor passphrase entry requested.
# Nothing read on input.
# Releasing crypt device /dev/sdb1 context.
# Releasing device-mapper backend.
# Unlocking memory.
It seems that "Nothing read on input" means it did not get my password...
Do you have any idea?
Regards
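The passphrase of your encrypted container is YES
...cryptsetup luksFormat does not hold a dialogue when standard input is not a terminal; it just reads one line and uses it as the passphrase.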
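A non-interactive version of the format/open/add-key steps that follows from the answer above, as an added example that is not part of the original post. The function name, argument order and the random key file are assumptions; it is meant to run as root on the target host.

```shell
#!/bin/sh
# Added example (not the poster's code). Run as root on the target host.
# Function name and argument order are illustrative assumptions.
#
# luks_format_and_open DEVICE NAME PASSPHRASE [KEYFILE]
luks_format_and_open() (
    dev=$1 name=$2 pass=$3 keyfile=${4:-}
    [ -n "$dev" ] && [ -n "$name" ] && [ -n "$pass" ] || {
        echo "usage: luks_format_and_open DEVICE NAME PASSPHRASE [KEYFILE]" >&2
        exit 2
    }

    # With stdin not a terminal, luksFormat asks nothing and takes the first
    # input line as the passphrase, so no "YES" line may be sent.
    # --batch-mode states explicitly that no confirmation is expected.
    # --key-file=- reads stdin up to EOF and keeps a trailing newline, so
    # every command is fed with printf '%s' (no newline) to get the same key.
    # printf is a builtin in bash and dash, so the passphrase is not passed
    # as an argument to an external process.
    printf '%s' "$pass" | cryptsetup --batch-mode --key-file=- luksFormat "$dev" || exit 1
    printf '%s' "$pass" | cryptsetup --key-file=- luksOpen "$dev" "$name" || exit 1

    if [ -n "$keyfile" ]; then
        # Assumption: a random key file, created readable by root only,
        # instead of the passphrase copied into /root/luks.key.
        ( umask 077 && dd if=/dev/urandom of="$keyfile" bs=64 count=1 2>/dev/null ) || exit 1
        # The existing passphrase comes from stdin, the new key from KEYFILE.
        printf '%s' "$pass" | cryptsetup --key-file=- luksAddKey "$dev" "$keyfile" || exit 1
    fi
)
```

With the values from the log above, the call would be `luks_format_and_open /dev/sdb1 mongo_data pwd /root/luks.key`.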