On Wed, Nov 02, 2011 at 08:25:29AM +0100, Arno Wagner wrote: > You have to go trough master key recovery. No way around that. > > But you do not need to create a new header, you can use > something like "cryptsetup luksAddKey --master-key-file <mkey> ..." > to set a new passphrase. (In this case you have to go the > manual route.) Update: Not true, the script just does all steps except the creation of the new header (or adding a new passphrase). Fixed in the FAQ. Arno > I am currently adding this to the FAQ, > may take a few minutes to try it out. > > Arno > > On Wed, Nov 02, 2011 at 04:14:30AM +0100, mike dentifrice wrote: > > Hey there, > > > > I managed to forget the passphrase for a server (it is very rarely > > rebooted). > > > > It it still running, the LUKS device is opened, and the filesystem > > laying on top of it is mounted. > > > > So, I do have a fresh backup, and can keep on trying to remember the > > passphrase with `cryptsetup luksAddKey /dev/mapper/foobar` > > > > However, it would be a lot of hasle to re-install the system entirely, > > as the services cannot suffer a long downtime. > > > > Is there a way to recover the passphrase or add a new keyslot while the > > system's running, the crypto device mounted, the fs opened? > > > > Or do I necessarily have to jump towards the "How do I recover the > > master key from a mapped LUKS container?" FAQ entry? > > > > Thanks in advance for your answer, > > > > -- > > mike dentifrice <fluor@xxxxxxxxxxx> > > > > _______________________________________________ > > dm-crypt mailing list > > dm-crypt@xxxxxxxx > > http://www.saout.de/mailman/listinfo/dm-crypt > > > > -- > Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx > GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F > ---- > Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans > > If it's in the news, don't worry about it. The very definition of > "news" is "something that hardly ever happens." -- Bruce Schneier > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt > -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
