DragonFly users List (threaded) for 2013-07
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
[
Date Index][
Thread Index]
Re: Encrypting the home partition in DragonFlyBSD
On Monday, July 08, 2013 09:21:34 Siju George wrote:
> Hi,
>
> Could some one please tell me if it is possible to encrypt /home partition
> and how to do it?
I have two DragonFly boxes, both with a /crypt partition. To set it up:
1. Make a partition.
2. Use cryptsetup to set up encryption on the partition:
# cryptsetup luksFormat /dev/serno/BLAH.s1d
3. Add a line to /etc/crypttab:
crypt /dev/serno/BLAH.s1d none tries=3,timeout=200
Without the timeout, the computer will wait until you type the password. If it
boots unattended and you need it to come up without you, put a timeout.
4. Open the encrypted partition:
# /etc/rc.d/cryptdisks start
The plaintext device will appear in /dev/mapper/.
5. Create a filesystem on the plaintext device. If it's Hammer, you can add
VFSes to it, and they will likewise be encrypted on disk.
You have to load dm_target_crypt before opening the partition. If you put
"dm_target_crypt_load" in /boot/loader.conf and the box crashes on booting,
you have bug 2557, in which case you can't encrypt the root partition. See
http://bugs.dragonflybsd.org/issues/2557 .
If you want both swap and /home encrypted together, you have to use LVM. I've
done this in Linux, but haven't used LVM in DFly because it has Hammer and I
haven't needed to encrypt swap.
Pierre
--
sei do'anai mi'a djuno puze'e noroi nalselganse srera
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
[
Date Index][
Thread Index]