Re: How to attach a fully encrypted drive to Stretch

2017-06-27 Thread tomas 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Jun 27, 2017 at 04:46:58AM -0400, Sean Behan wrote:
> On Tue, Jun 27, 2017 at 10:34:45AM +0200, Erwan David wrote:
> > Le 06/27/17 à 10:16, Hans a écrit :
> > > Hi!
> > > I believe, first of all is to check, how youz device is seen at the 
> > > usb-port.

[...]

> > > So, mount it using "mount /dev/mapper/somename /mnt".
> > > 
> > 
> > It won't work : the disk is an lvm volume (as said in first message), so
> > there is some lvm stuff to do before this. Sorry I do not know lvm to
> > give the right commands to use.
> 
> When the drive is LVM it should me mapped to /dev/mapper/ automatically
> after being opened by cryptsetup, you can then mount it like so:
> 
> "mount /dev/mapper/volume_name /mnt"

And in case it doesn't, after all, there's

  vgchange -ay

as another poster pointed out. Keep an eye on (typically) /dev/mapper. The
device files (or to be more precise: the links to them) should appear there.

Cheers
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAllSL7MACgkQBcgs9XrR2kbq0gCeK4L/ALyeee9tv8jS9ZTyDMix
yV0AnioUF2z97ZPwmSp+HOVAos66H/nE
=et5Z
-END PGP SIGNATURE-

Re: How to attach a fully encrypted drive to Stretch

2017-06-27 Thread Sean Behan 
On Tue, Jun 27, 2017 at 10:34:45AM +0200, Erwan David wrote:
> Le 06/27/17 à 10:16, Hans a écrit :
> > Hi!
> > I believe, first of all is to check, how youz device is seen at the 
> > usb-port.
> > 
> > As root start "tail -f /var/log/syslog" and then plugin your device. Check 
> > the 
> > messages.
> > 
> > When you know the device, check the partionin. Just start "fdisk" and print 
> > out your partitions. Be careful, not to change anything!
> > 
> > End fdisk, then open your encrypted partition (i.e. sdc3) using 
> > "cryptsetup luksOpen /dev/sdc3 somename" and enter your correct password.
> > 
> > The term "somename"  can freely be chosen, I personally are using something 
> > like "usr2" or "home2" whatever.
> > 
> > When your device is opened, you can mount it somewhere, I am using 
> > either "/mnt" or create a new directory (i.e. /disk1)
> > 
> > So, mount it using "mount /dev/mapper/somename /mnt".
> > 
> 
> It won't work : the disk is an lvm volume (as said in first message), so
> there is some lvm stuff to do before this. Sorry I do not know lvm to
> give the right commands to use.

When the drive is LVM it should me mapped to /dev/mapper/ automatically
after being opened by cryptsetup, you can then mount it like so:

"mount /dev/mapper/volume_name /mnt"


signature.asc
Description: PGP signature

Re: How to attach a fully encrypted drive to Stretch

2017-06-27 Thread Erwan David 
Le 06/27/17 à 10:16, Hans a écrit :
> Hi!
> I believe, first of all is to check, how youz device is seen at the usb-port.
> 
> As root start "tail -f /var/log/syslog" and then plugin your device. Check 
> the 
> messages.
> 
> When you know the device, check the partionin. Just start "fdisk" and print 
> out your partitions. Be careful, not to change anything!
> 
> End fdisk, then open your encrypted partition (i.e. sdc3) using 
> "cryptsetup luksOpen /dev/sdc3 somename" and enter your correct password.
> 
> The term "somename"  can freely be chosen, I personally are using something 
> like "usr2" or "home2" whatever.
> 
> When your device is opened, you can mount it somewhere, I am using 
> either "/mnt" or create a new directory (i.e. /disk1)
> 
> So, mount it using "mount /dev/mapper/somename /mnt".
> 

It won't work : the disk is an lvm volume (as said in first message), so
there is some lvm stuff to do before this. Sorry I do not know lvm to
give the right commands to use.

Re: How to attach a fully encrypted drive to Stretch

2017-06-27 Thread Hans 
Hi!
I believe, first of all is to check, how youz device is seen at the usb-port.

As root start "tail -f /var/log/syslog" and then plugin your device. Check the 
messages.

When you know the device, check the partionin. Just start "fdisk" and print 
out your partitions. Be careful, not to change anything!

End fdisk, then open your encrypted partition (i.e. sdc3) using 
"cryptsetup luksOpen /dev/sdc3 somename" and enter your correct password.

The term "somename"  can freely be chosen, I personally are using something 
like "usr2" or "home2" whatever.

When your device is opened, you can mount it somewhere, I am using 
either "/mnt" or create a new directory (i.e. /disk1)

So, mount it using "mount /dev/mapper/somename /mnt".

Once it is mounted, you can either copy your files, or better use rsync. With 
rsync rights are kept and symlinks are also transferred. And you have the 
capability to transfer via network. The syntax is "rsync -avz /sourcedir /
targetdir" Note that a missing slash after "/sourcedir" will copy the 
sourcedir, too. If this is not wanted, then add a slash after sourcedir like 
this one: "rsync -avz /sourcedir/ /targetdir".

In our example to copy the whole drive this would be now:
"rsync -avz /mnt/ /path/to/your/backupdirectory"

Hope this helps. Please feel free to ask for more.

Best regards

Hans  
> Which one you mount depends, of course, on where device mapper has
> put the device file. With the cryptsetup above, on my box, the device
> file would appear in /dev/mapper/disk2, for example.
> 
> In most cases, the vgchange happens automagically[1]. For my encrypted
> backups, I do, for example
> 
>   # NOTE change /dev/sdb by whatever device the stick/external drive
>   #  "appears" as:
>   sudo cryptsetup luksOpen /dev/sdb backup
>   sudo mount /dev/mapper/backup /media/backup
>   rsync ... /home /media/backup/myself/home
>   sync
>   sudo umount /media/backup
>   sudo cryptsetup luksClose backup
> 
> (of course, the rsync ... is actually a script and a tad more complicated,
> but you get the idea).
> 
> NOTE: I have there /dev/sdb -- this is an unpartitioned disk with one big
> LUKS volume on it. This is a bit unconventional; in your case you might
> have one partition (e.g. /dev/sdb1).
> 
> Cheers
> 
> [1] I must admit that I don't know *who* is actually doing that for
> me :-)
> -- tomás

Re: How to attach a fully encrypted drive to Stretch

2017-06-27 Thread tomas 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Jun 26, 2017 at 08:17:33PM +, commentsab...@riseup.net wrote:
> Hello,
> 
> On 2017-06-26 19:36, Eduardo M KALINOWSKI wrote:
> > On 26-06-2017 16:28, commentsab...@riseup.net wrote:
> >> I have an adapter to connect my older Jessie (fully encrypted) SATA HDD
> >> to a USB port. Simply plugin the older disk/adapter into the freshly
> >> installed Stretch doesn't seem to work (I'm not being prompted for a
> >> passphrase).
> >>
> >> What is the proper way to access the data on that drive when connected
> >> to the host system via a USB adapter ?
> >>
> >> I found an answer on
> >> 
> >> but do not know if it is valid and am not keen on running undocumented
> >> commands/commands that I do not understand.
> > 
> > Assuming the disk is a LUKS encrypted volume (the default since who
> > knows when), the command is exactly the one in your link.
> 
> Thank you for your answer.
> 
> There are actually several answers on the Stack Exchange thread, which
> one is the right one ?
> 
> This one ?
> 
> > cryptsetup luksOpen /dev/sdb1 disk2
> > modprobe dm-mod
> > vgchange -ay
> > mount /dev/disk2/disk2 /disk2

Which one you mount depends, of course, on where device mapper has
put the device file. With the cryptsetup above, on my box, the device
file would appear in /dev/mapper/disk2, for example.

In most cases, the vgchange happens automagically[1]. For my encrypted
backups, I do, for example

  # NOTE change /dev/sdb by whatever device the stick/external drive
  #  "appears" as:
  sudo cryptsetup luksOpen /dev/sdb backup
  sudo mount /dev/mapper/backup /media/backup
  rsync ... /home /media/backup/myself/home
  sync
  sudo umount /media/backup
  sudo cryptsetup luksClose backup

(of course, the rsync ... is actually a script and a tad more complicated,
but you get the idea).

NOTE: I have there /dev/sdb -- this is an unpartitioned disk with one big
LUKS volume on it. This is a bit unconventional; in your case you might
have one partition (e.g. /dev/sdb1).

Cheers

[1] I must admit that I don't know *who* is actually doing that for
me :-)
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAllSDpIACgkQBcgs9XrR2kZbSQCcD+sAL8lt98Cc8wQgd9uileD/
segAoII4E1V4XoA6RSIQ0EEHIn9UYtsz
=aGaA
-END PGP SIGNATURE-

Re: How to attach a fully encrypted drive to Stretch

2017-06-26 Thread commentsabout 
Hello,

On 2017-06-26 19:36, Eduardo M KALINOWSKI wrote:
> On 26-06-2017 16:28, commentsab...@riseup.net wrote:
>> I have an adapter to connect my older Jessie (fully encrypted) SATA HDD
>> to a USB port. Simply plugin the older disk/adapter into the freshly
>> installed Stretch doesn't seem to work (I'm not being prompted for a
>> passphrase).
>>
>> What is the proper way to access the data on that drive when connected
>> to the host system via a USB adapter ?
>>
>> I found an answer on
>> 
>> but do not know if it is valid and am not keen on running undocumented
>> commands/commands that I do not understand.
> 
> Assuming the disk is a LUKS encrypted volume (the default since who
> knows when), the command is exactly the one in your link.

Thank you for your answer.

There are actually several answers on the Stack Exchange thread, which
one is the right one ?

This one ?

> cryptsetup luksOpen /dev/sdb1 disk2
> modprobe dm-mod
> vgchange -ay
> mount /dev/disk2/disk2 /disk2


CA

Re: How to attach a fully encrypted drive to Stretch

2017-06-26 Thread Eduardo M KALINOWSKI 
On 26-06-2017 16:28, commentsab...@riseup.net wrote:
> I have an adapter to connect my older Jessie (fully encrypted) SATA HDD
> to a USB port. Simply plugin the older disk/adapter into the freshly
> installed Stretch doesn't seem to work (I'm not being prompted for a
> passphrase).
>
> What is the proper way to access the data on that drive when connected
> to the host system via a USB adapter ?
>
> I found an answer on
> 
> but do not know if it is valid and am not keen on running undocumented
> commands/commands that I do not understand.

Assuming the disk is a LUKS encrypted volume (the default since who
knows when), the command is exactly the one in your link.

If you don't know what the command does, try 'man cryptsetup', which
will explain what it does and list the other commands and options you
can use.

-- 
It's easier to take it apart than to put it back together.
-- Washlesky

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

How to attach a fully encrypted drive to Stretch

2017-06-26 Thread commentsabout 
Hello,

Rather than upgrading my Jessie system, I decided to go with a fresh
install of Stretch on a new SSD.

I have an adapter to connect my older Jessie (fully encrypted) SATA HDD
to a USB port. Simply plugin the older disk/adapter into the freshly
installed Stretch doesn't seem to work (I'm not being prompted for a
passphrase).

The encryption on Jessie was done at install time following the guided
install ("use entire disk and setup encrypted LVM").

What is the proper way to access the data on that drive when connected
to the host system via a USB adapter ?

I found an answer on

but do not know if it is valid and am not keen on running undocumented
commands/commands that I do not understand.

Thank you in advance for your help :)

CA