Re: password recovery for a luksOpened device?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Nov 02, 2011 at 08:25:29AM +0100, Arno Wagner wrote:
> You have to go trough master key recovery. No way around that.
> 
> But you do not need to create a new header, you can use
> something like "cryptsetup luksAddKey --master-key-file <mkey> ..."
> to set a new passphrase. (In this case you have to go the
> manual route.) 

Update: Not true, the script just does all steps except
the creation of the new header (or adding a new passphrase).

Fixed in the FAQ.

Arno

> I am currently adding this to the FAQ, 
> may take a few minutes to try it out.
>   
> Arno
> 
> On Wed, Nov 02, 2011 at 04:14:30AM +0100, mike dentifrice wrote:
> > Hey there,
> > 
> > I managed to forget the passphrase for a server (it is very rarely
> > rebooted). 
> > 
> > It it still running, the LUKS device is opened, and the filesystem
> > laying on top of it is mounted. 
> > 
> > So, I do have a fresh backup, and can keep on trying to remember the
> > passphrase with `cryptsetup luksAddKey /dev/mapper/foobar`
> > 
> > However, it would be a lot of hasle to re-install the system entirely,
> > as the services cannot suffer a long downtime.
> > 
> > Is there a way to recover the passphrase or add a new keyslot while the
> > system's running, the crypto device mounted, the fs opened? 
> > 
> > Or do I necessarily have to jump towards the "How do I recover the
> > master key from a mapped LUKS container?" FAQ entry?
> > 
> > Thanks in advance for your answer,
> > 
> > -- 
> > mike dentifrice <fluor@xxxxxxxxxxx>
> > 
> > _______________________________________________
> > dm-crypt mailing list
> > dm-crypt@xxxxxxxx
> > http://www.saout.de/mailman/listinfo/dm-crypt
> > 
> 
> -- 
> Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx 
> GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
> ----
> Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
> 
> If it's in the news, don't worry about it.  The very definition of 
> "news" is "something that hardly ever happens." -- Bruce Schneier 
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@xxxxxxxx
> http://www.saout.de/mailman/listinfo/dm-crypt
> 

-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt


[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux