Decrypting a LUKS device at system boot

Good day or night, everyone! This post will be useful to those who use LUKS data encryption and want to decrypt disks under Linux (Debian, Ubuntu) at the stage where the root partition is decrypted. I could not find such information on the Internet.

Recently, as the number of disks in my shelves grew, I ran into a problem decrypting disks with the well-known method via /etc/crypttab. Personally, I see several problems with this method: the file is read only after the root partition has been loaded (mounted), which hurts ZFS imports, in particular when the pools are built from partitions on a *_crypt device, and likewise mdadm RAIDs built from partitions. We all know that you can use parted on LUKS devices, right? There is also the problem of other services starting early, when the arrays are not there yet but I already need to use something (I work with clustered Proxmox VE 5.x and ZFS over iSCSI).

A little about ZFS over iSCSI: iSCSI works for me through LIO, and when the iSCSI target starts and does not see the ZVOL devices, it simply removes them from the configuration, which prevents the guest systems from booting. Hence either restoring a backup of the json file, or manually adding the devices with the identifiers of each VM, which is simply awful when there are many such machines and each configuration has more than 1 disk.

The second question I will consider is what to decrypt with (this is the key point of the article). We will talk about this below, read on!

Most often on the Internet people use a key file (added to a slot beforehand with the command cryptsetup luksAddKey) or, in rare exceptions (there is very little information on the Russian-language Internet), the decrypt_derived script located in /lib/cryptsetup/scripts/ (of course there are other ways, but I used these two, which formed the basis of the article). I also aimed for fully autonomous activation after a reboot, without any additional commands in the console, so that everything would "take off" for me right away. So why wait?

Let's get started!

Assume a system, for example Debian, installed on the sda3_crypt crypto partition, and a dozen disks ready to be encrypted and turned into whatever your heart desires. We have a passphrase to unlock sda3_crypt, and it is from this partition that we will take the "hash" of the password on the running (decrypted) system and add it to the other disks. It is all elementary; in the console we run:

/lib/cryptsetup/scripts/decrypt_derived sda3_crypt | cryptsetup luksFormat /dev/sdX

where X is our disks, partitions, and so on.

After encrypting the disks with the "hash" of our passphrase, you need to find out the UUID or ID, depending on which you are used to. We take the data from /dev/disk/by-uuid and by-id respectively.

The next step is preparing the files and mini-scripts for the functions we need, let's proceed:

cp -p /usr/share/initramfs-tools/hooks/cryptroot /etc/initramfs-tools/hooks/
cp -p /usr/share/initramfs-tools/scripts/local-top/cryptroot /etc/initramfs-tools/scripts/local-top/

next

touch /etc/initramfs-tools/hooks/decrypt && chmod +x /etc/initramfs-tools/hooks/decrypt

Contents of ../decrypt

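#!/bin/sh
# initramfs-tools hook: copy decrypt_derived into the image being built.
[ "$1" = prereqs ] && exit 0

cp -p /lib/cryptsetup/scripts/decrypt_derived "$DESTDIR/bin/decrypt_derived"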

next

touch /etc/initramfs-tools/hooks/partcopy && chmod +x /etc/initramfs-tools/hooks/partcopy

Contents of ../partcopy

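#!/bin/sh
# initramfs-tools hook: copy partprobe and the libraries it needs into the image.
# Library file names are those of the author's system; check yours with ldd /sbin/partprobe.
[ "$1" = prereqs ] && exit 0

cp -p /sbin/partprobe "$DESTDIR/bin/partprobe"
cp -p /lib/x86_64-linux-gnu/libparted.so.2 "$DESTDIR/lib/x86_64-linux-gnu/libparted.so.2"
cp -p /lib/x86_64-linux-gnu/libreadline.so.7 "$DESTDIR/lib/x86_64-linux-gnu/libreadline.so.7"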

a little more

touch /etc/initramfs-tools/scripts/local-bottom/partprobe && chmod +x /etc/initramfs-tools/scripts/local-bottom/partprobe

Contents of ../partprobe

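#!/bin/sh
# Boot script (local-bottom): DESTDIR is set only at build time, so call the copied binary by its path in the initramfs.
[ "$1" = prereqs ] && exit 0

/bin/partprobe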

and finally, before update-initramfs, you need to edit the file /etc/initramfs-tools/scripts/local-top/cryptroot, starting at line ~360; the code fragment is below.

Original


                # decrease $count by 1, apparently last try was successful.
                count=$(( $count - 1 ))
                
                message "cryptsetup ($crypttarget): set up successfully"
                break

and bring it to this form

Edited


                # decrease $count by 1, apparently last try was successful.
                count=$(( $count - 1 ))
                

                /bin/decrypt_derived $crypttarget | cryptsetup luksOpen /dev/disk/by-uuid/ *CRYPT_MAP*
                /bin/decrypt_derived $crypttarget | cryptsetup luksOpen /dev/disk/by-id/ *CRYPT_MAP*

                message "cryptsetup ($crypttarget): set up successfully"
                break

Note that either the UUID or the ID can be used here. The main thing is that the necessary drivers for the HDD/SSD devices are added to /etc/initramfs-tools/modules. You can find out which driver is in use with the command udevadm info -a -n /dev/sdX | egrep 'looking|DRIVER'.

Now that we are done and all files are in place, we run update-initramfs -u -k all -v; the log should show no errors from our scripts. We reboot, enter the passphrase and wait a little, depending on the number of disks. The system then starts, and at the final stage of startup, namely after the root partition is "mounted", the partprobe command is executed: it finds and picks up all partitions created on the LUKS devices, and any arrays, be it ZFS or mdadm, assemble without problems! And all this before the main services that need these disks/arrays are loaded.

update1: As AEP noted, this method works only for LUKS1.
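
A pre-reboot check for the steps above, added here as an example (not the author's code): it confirms that the files copied by the hooks are present in the rebuilt initramfs and that each extra device has a LUKS1 header, the only version this method works with. The function names and the REQUIRED list are assumptions made for this example; the listing comes from lsinitramfs and the header version from cryptsetup luksDump.

```shell
#!/bin/sh
# Added example: pre-reboot checks for the procedure above (not the author's code).

# Files the article's hooks and boot script place in the image. Matching is by
# path suffix, because lsinitramfs may list them under usr/ on merged-/usr systems.
REQUIRED="bin/decrypt_derived bin/partprobe libparted.so.2 libreadline.so.7 scripts/local-bottom/partprobe"

# Read an lsinitramfs listing on stdin; print each required file that is absent.
missing_from_initramfs() {
    listing=$(cat)
    for f in $REQUIRED; do
        printf '%s\n' "$listing" | grep -Eq "(^|/)$f\$" || printf '%s\n' "$f"
    done
}

# Read `cryptsetup luksDump` output on stdin; print the header version (1 or 2).
luks_version() {
    awk '$1 == "Version:" { print $2; exit }'
}

# preflight INITRD DEVICE...: return non-zero if something would break at boot.
preflight() {
    initrd=$1; shift; rc=0
    miss=$(lsinitramfs "$initrd" | missing_from_initramfs)
    [ -z "$miss" ] || { echo "missing in $initrd:" $miss >&2; rc=1; }
    for dev in "$@"; do
        v=$(cryptsetup luksDump "$dev" | luks_version)
        [ "$v" = 1 ] || { echo "$dev: LUKS version '$v', this method needs 1" >&2; rc=1; }
    done
    return $rc
}

# Run as root, e.g.: sh preflight.sh /boot/initrd.img-$(uname -r) /dev/sdX
# Without arguments the script only defines the functions.
[ "$#" -eq 0 ] || preflight "$@"
```

A non-zero exit status means the image or a device is not ready, so fix that before rebooting.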

Source: www.habr.com
