XFS Encrypted and keyfile to autostart?


Solved by SimonF

I am trying to set up an UNRAID for a friend.

I want to use XFS Encrypted FS for the data, so I changed the filesystem to it, formatted the (still empty) array and it is looking OK.

Problem is that using a pass phrase means manual work for my friend: First login to GUI, then navigate to Main, go to the bottom of the page and supply the keyphrase.

(btw, when array is encrypted, I think UNRAID should just pop-up a requester for the key immediately going to ANY page in the GUI, not having to search for this!)

 

Anyway, I want to use a keyfile so that (I want to believe - please verify) the array will autostart if it finds the keyfile.

 

I do NOT plan to use FTP or hide it too much or whatever (it won't be used for hyper-sensitive data, just as an extra pre-caution), I just want to put it somewhere in the USB boot stick, so that if the stick is removed, even if someone gets the rest of the server, it is useless to them.

So here are my problems:

 

1) UNRAID's own GUI (accessed locally on the server with the default browser), doesn't do anything if I press "Browse" to supply keyfile. It is not even a matter of pop-up blocking, as I allowed localhost. Still doesn't work.

2) I tried to use another computer to access the GUI, clicked "Browse", indeed allowed me to select the file (which was local to the SECOND computer and I would copy to server later - or I expected that by selecting it, UNRAID would just copy it to a default location) and this in turn started the array and encoded it using that keyfile.

I then copied the keyfile named in some arbitrary name (same as the one I "browsed" above), containing the "key" in it (no CR/LF, just a single line) to the root of /boot (which is the USB stick, ain't it?)... Rebooted and... nothing.

 

Asks for the key. I need to re-supply it somehow (from a second computer that allows me to click "Browse").

So... help!?

How can I put the keyfile manually somewhere in USB stick AND set UNRAID to look for it exactly there, automatically, without using the problematic local browser that I cannot use "Browse" on it?
(so I can never supply using the web, the proper path to the keyfile)
 

 

Link to comment
  • Solution
30 minutes ago, NLS said:

Nobody can help?

This will in effect make the encryption irrelevant as the key is with the system. I do it on my test/dev system just because I wanted to play with encryption.

 

Once you have entered the key file you can copy the file to the boot drive but you need to copy it back in the go file before the system starts the gui.

 

I used to use FTP, but here is my go file for info.

 

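#!/bin/bash
# Old method, disabled: fetch the keyfile over FTPS
#wget --ftps-implicit --user=xxxx  --password='xxxx' ftp://192.168.1.xxx/files/keyfile -O /root/keyfile
# Copy the keyfile from the boot drive to /root before the GUI starts
cp /boot/extras/keyfile /root/keyfile

# Start the Management Utility
/usr/local/sbin/emhttp &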

 

Link to comment
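The copy step from the go file above, written as a checked helper. This is an added example, not part of the original posts or of Unraid itself; the function names stage_keyfile and ends_with_newline are hypothetical, and the paths in the usage comment are the ones from the post. It refuses a missing or empty source, flags a trailing line break (the first post notes the key was saved with no CR/LF), and makes the copy readable by its owner only.

```shell
#!/bin/bash
# Added example: hypothetical helpers for the go file, not Unraid commands.

# Return 0 if the last byte of FILE is LF or CR.
ends_with_newline() {
    local last
    last=$(tail -c 1 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$last" = "0a" ] || [ "$last" = "0d" ]
}

# Copy SRC to DST with owner-only permissions.
# Returns 1 if SRC is missing or empty, 2 if the copy fails or differs.
stage_keyfile() {
    local src dst
    src=$1
    dst=$2
    if [ ! -s "$src" ]; then
        echo "keyfile: $src missing or empty, array will wait for a key" >&2
        return 1
    fi
    if ends_with_newline "$src"; then
        # Warn only: a keyfile is read byte for byte, so the line break counts
        echo "keyfile: $src ends with a line break; that byte is part of the key" >&2
    fi
    # install applies mode 600 regardless of the source file's mode
    install -m 600 "$src" "$dst" || return 2
    # Confirm the copy is byte-identical to the source
    cmp -s "$src" "$dst" || return 2
}

# Go-file usage (paths from the post above), placed before emhttp starts:
#   stage_keyfile /boot/extras/keyfile /root/keyfile
```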
On 7/1/2022 at 12:11 AM, SimonF said:

This will in effect make the encryption irrelevant as the key is with the system. I do it on my test/dev system just because I wanted to play with encryption.

 

Once you have entered the key file you can copy the file to the boot drive but you need to copy it back in the go file before the system starts the gui.

 

I used to use FTP, but here is my go file for info.

 

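#!/bin/bash
# Old method, disabled: fetch the keyfile over FTPS
#wget --ftps-implicit --user=xxxx  --password='xxxx' ftp://192.168.1.xxx/files/keyfile -O /root/keyfile
# Copy the keyfile from the boot drive to /root before the GUI starts
cp /boot/extras/keyfile /root/keyfile

# Start the Management Utility
/usr/local/sbin/emhttp &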
 

 

 

Question is, is the system made to look for a file named "keyfile" in /root?

EDIT: Yes.

Thanks.
 

Edited by NLS
  • Like 1
Link to comment
