You have to go trough master key recovery. No way around that. But you do not need to create a new header, you can use something like "cryptsetup luksAddKey --master-key-file <mkey> ..." to set a new passphrase. (In this case you have to go the manual route.) I am currently adding this to the FAQ, may take a few minutes to try it out. Arno On Wed, Nov 02, 2011 at 04:14:30AM +0100, mike dentifrice wrote: > Hey there, > > I managed to forget the passphrase for a server (it is very rarely > rebooted). > > It it still running, the LUKS device is opened, and the filesystem > laying on top of it is mounted. > > So, I do have a fresh backup, and can keep on trying to remember the > passphrase with `cryptsetup luksAddKey /dev/mapper/foobar` > > However, it would be a lot of hasle to re-install the system entirely, > as the services cannot suffer a long downtime. > > Is there a way to recover the passphrase or add a new keyslot while the > system's running, the crypto device mounted, the fs opened? > > Or do I necessarily have to jump towards the "How do I recover the > master key from a mapped LUKS container?" FAQ entry? > > Thanks in advance for your answer, > > -- > mike dentifrice <fluor@xxxxxxxxxxx> > > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt > -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
