June 29, 20224 yr I am trying to setup an UNRAID for a friend. I want to use XFS Encrypted FS for the data, so I changed the filesystem to it, formated the (still empty) array and is looking OK. Problem is that using a pass phrase means manual work for my friend: First login to GUI, then navigate to Main, go to the bottom of the page and supply the keyphrase. (btw, when array is encrypted, I think UNRAID should just pop-up a requester for the key immediately going to ANY page in the GUI, not having to search for this!) Anyway, I want to use a keyfile so that (I want to believe - please verify) the array will autostart if it finds the keyfile. I do NOT plan to use FTP or hide it too much or whatever (it won't be used for hyper-sensitive data, just as an extra pre-caution), I just want to put it somewhere in the USB boot stick, so that if the stick is removed, even if someone gets the rest of the server, it is useless to them. So here are my problems: 1) UNRAID own GUI (accessed local on server with the default browser), doesn't do anything if I press "Browse" to supply keyfile. It is not even a matter of pop-up blocking, as I allowed localhost. Still doesn't work. 2) I tried to use another computer to access the GUI, clicked "Browse", indeed allowed me to select the file (which was local to the SECOND computer and I would copy to server later - or I expected that by selecting it, UNRAID would just copy it to a default location) and this in turn started the array and encoded it using that keyfile. I then copied the keyfile named in some arbitrary name (same as the one I "browsed" above), containing the "key" in it (no CR/LF, just a single line) to the root of /boot (which is the USB stick, ain't it?)... Rebooted and... nothing. Asks for the key. I need to re-supply it somehow (from a second computer that allows me to click "Browse"). So... help!? How can I put the keyfile manually somewhere in USB stick AND set UNRAID to look for it exactly there, automatically, without using the problematic local browser that I cannot use "Browse" on it? (so I can never supply using the web, the proper path to the keyfile)
June 30, 20224 yr Community Expert Solution 30 minutes ago, NLS said: Nobody can help? This will in effect make the encryption irrelevant as the key is with the system. I do it on my test/dev system just because I wanted to play with encryption. Once you have entered the key file you can copy the file to the boot drive but you need to copy it back in the go file before the system starts the gui. I used to use FTP, but here is my go file for info. #!/bin/bash # Start the Management Utility #wget --ftps-implicit --user=xxxx --password='xxxx' ftp://192.168.1.xxx/files/keyfile -O /root/keyfile cp /boot/extras/keyfile /root/keyfile /usr/local/sbin/emhttp &
July 4, 20224 yr Author On 7/1/2022 at 12:11 AM, SimonF said: This will in effect make the encryption irrelevant as the key is with the system. I do it on my test/dev system just because I wanted to play with encryption. Once you have entered the key file you can copy the file to the boot drive but you need to copy it back in the go file before the system starts the gui. I used to use FTP, but here is my go file for info. #!/bin/bash # Start the Management Utility #wget --ftps-implicit --user=xxxx --password='xxxx' ftp://192.168.1.xxx/files/keyfile -O /root/keyfile cp /boot/extras/keyfile /root/keyfile /usr/local/sbin/emhttp & Question is, is the system made to look for a file name "keyfile" in /root? EDIT: Yes. Thanks. Edited July 4, 20224 yr by NLS
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.