Jump to content

Derek_

Members
  • Content Count

    31
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Derek_

  • Rank
    Advanced Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Yeah, nah I'm far too much a noob, and i'm not likely to change the encryption password very often at all. But if you have this scripting wizardry, perhaps suggest it to the devs who can GUIfy it and thank you for your brilliance
  2. Hi Kyle. The main reason was not having to have someone enter the 'confusing' GUI, yet still be able to start the array. I'm fine with my family having power, but not with their ability to wield it safely - there's a lot they could accidentally do in the main GUI and the procedure has to be taught, rather than being obvious and self-evident. I admit, i forgot that you needed root password to enter the GUI to start the array in the first place 😅, which leads me to an even more awesomer notion... Thinking about it more, why have starting the encrypted array require the root password at all? If there is no encryption, just turning on the system grants access to the data assuming it is set to auto-start (don't need to access the GUI). If it is encrypted, well you already need to enter a password to start the array. So i currently need to enter two passwords to start my array. (Just a note, i do not want to store my password as a key to have the encrypted array auto-start). So i guess we could clarify and expand the request: be able to start the encrypted array without the root password (only the encryption password), which may be sweeter if its done on a pretty and simple separate page like the example IP/Start. I think the existing disconnect (requiring root and encryption passwords to start an encrypted array) is a consequence of encryption being added fairly recently, and peoples use-cases having not been obvious. Thanks for asking
  3. Yes, i forgot to mention that parity wasn't part of it, i guess i implied it as parity isn't encrypted. But thank you for clarifying that. I found it quite handy to use the terminal command: # lsblk ...which outputted all my devices. Anything with the word "crypt" against it was what i added/removed the password for. I've trimmed my output to just show the encrypted devices, so you won't see parity or anything else. Below, sdX is my cache (btrfs encrypted RAID1), mdX is my data array but not the parity disk as @doron has mentioned (XFS encrypted): sdb 8:16 0 238.5G 0 disk └─sdb1 8:17 0 238.5G 0 part └─sdb1 254:2 0 238.5G 0 crypt <<< This one sdc 8:32 0 238.5G 0 disk └─sdc1 8:33 0 238.5G 0 part └─sdc1 254:3 0 238.5G 0 crypt /mnt/cache <<< This one md1 9:1 0 5.5T 0 md └─md1 254:0 0 5.5T 0 crypt /mnt/disk1 <<< This one md2 9:2 0 5.5T 0 md └─md2 254:1 0 5.5T 0 crypt /mnt/disk2 <<< This one The community here is really good Glad i paid up, i'm getting the hang of it
  4. @doron Thank you. I do appreciate your patience with me Where X is the disk number, and done for all encrypted disks either array or cache: # cryptsetup luksAddKey /dev/mdX reboot & test # cryptsetup luksRemoveKey /dev/mdX reboot & test I did per instructed, rebooted, used the new key and everything was fine. My only docker functioned normally and i could read data i had on the array and in the cache drives (very little atm). I copied a fresh file across and it was fine too. Removed the old password per instructions and rebooted. Tried the old password: as expected - it doesn't work. New password: still works. I did not do my 'quick way' (change, rather than add > remove) because i agree it is far more risky, and i think maybe it'd cause problems with anything was running. So i didn't do it, and i don't recommend anyone else tries it. So THANK YOU (and 'limetech'). Last question(s): i read that there's 8 key slots available to use. Do i still have 7 left, or is a used/deleted slot forever taken? And does will it matter what slot this, or any other key is in? Does this new key now revert to the 1st slot?
  5. Thanks again. What about Dockers and VMs - should they be stopped?
  6. Noob question.. what's the difference between the Binhex Krusader and the... non-Binhex Krusader?
  7. Thanks @doron, that is somewhat clearer. Should the array be stopped before doing the deed?
  8. I came here looking for an answer to the same question I understand your apprehension, and it's not helped that we can't seem to find clear instructions in the Wiki (that i could see): https://wiki.unraid.net/index.php/UnRAID_Topical_Index#Encryption and the forum post above is many pages long, isn't current (as is the nature of forums) and anyone could put an incorrect solution that be followed. I had trouble following the conversation, let alone finding the specific instructions to change the password. What i did see was something about adding and then removing keys. I believe there's an easier way but i don't know how to apply it to unRAID (i.e. the /dev/??? - no idea what to put there) so try it at your own risk: root@tower:~# cryptsetup luksChangeKey /dev/??? Enter LUKS passphrase to be changed: Enter new LUKS passphrase: I'm new to unRAID, but it seems that the Wiki is very out of date in many cases so its hard to find current and accurate stuff there. I was looking up sleep/wake stuff and it was so damned complicated. I found the easy way via Space Invader on YouTube (and another guy on YouTube). Clearly that Wiki page is outdated (or at best incomplete). I realise this isn't Arch Linux, but now there is an amazing Wiki!
  9. Thanks for the link. I admit i'm no better informed. I guess the discussion is beyond me I'll just accept it as it is. No doubt changing the default will become annoying somewhere down the line, even in discussion or if i'm asking for troubleshooting help.
  10. I guess i was surprised it wasn't called "VMs" (or similar). I guess there's some significance to the use of the name "domains" but i don't know what it is. I've hunted around and searched and i don't see the same question. Would someone care to enlighten me? Thanks.
  11. Hi guys. It did not occur to me that sleep wouldn't require the array/encryption password to unlock. So i tested it and you're right - it does not. Now to figure out how to wake up my box by WOL or something 🤔 My entire array is encrypted (well, parity doesn't encrypt, because it doesn't contain data per se - though i'd be interested to know how secure that is). I use encryption across the whole device because of the risk of physical theft. I still like the idea of IP/Start so people can input the password to start the array without having to enter a comparatively complicated GUI but i guess its less important than i thought.
  12. I've decided to lodge a feature request. It doesn't look like there's a 'nice' way to do it. So why not ask for one
  13. Hiya, i'm pretty new to unRAID (i'm still setting up my first proper server after recently purchasing). I've noticed that the way to unlock the array (if using a password) is not 'family friendly': go to the IP address, then into the MAIN tab, then enter a password, and select 'START'. There's also a lot of things they could accidentally do while there if they're careless. I was thinking a simpler, nice-looking (with themes eventually) web page would be great, e.g. http://192.168.1.100/Start Save a bookmark on the family computers, they can go there - enter the password and click "START" (no other unnecessary information presented). Thanks.
  14. New guy here. I don't plan to keep my brand new old-hardware unRAID server on all night, i figure i'll set it to sleep (if i can figure out how to wake it up again!). My array is encrypted, but my family will want to start the server and the only way i can see to do it atm is to go to the IP address, then into the MAIN tab, then enter a password, and select 'START'. Not very family friendly. It'd be great if there was a browser extension, or even just a pretty GUI for when the server is up, asking for that password. I could save a bookmark in their browser and they can go there - enter the password and click "START" (no other unnecessary information presented). Perhaps the url could be: http://192.168.1.100/Start (random IP example). I know there's an option to use a key, but saving that on the USB is not cool. Using FTP or something to have the key stored elsewhere is a bit of work, and still not great. Are there any existing options? Or can i make this a feature suggestion somewhere? Thanks.