IamSpartacus, Posted February 14, 2018
For any of you using disk encryption, are you manually entering the passphrase on each restart or have you found a way to automate the process while still keeping it secure?

IamSpartacus (Author), Posted February 15, 2018
Is no one using encryption or am I just missing something silly?

pwm, Posted February 15, 2018
If your machine autostarts the encrypted array, then I can come and pick up your machine and bring it home and have it autostart - what gain would you then get with the disk encryption?

IamSpartacus (Author), Posted February 15, 2018, edited February 15, 2018
> 3 minutes ago, pwm said:
> If your machine autostarts the encrypted array, then I can come and pick up your machine and bring it home and have it autostart - what gain would you then get with the disk encryption?
I was thinking maybe someone else had configured their network in such a way that unRAID looks to a different server (local or remote via VPN) for the encryption key via an SSH (or otherwise secure) connection. Thus if that server is taken offline or made inaccessible, so would be the array.

CHBMB, Posted February 15, 2018
> 8 minutes ago, IamSpartacus said:
> I was thinking maybe someone else had configured their network in such a way that unRAID looks to a different server (local or remote via VPN) for the encryption key via an SSH (or otherwise secure) connection. Thus if that server is taken offline or made inaccessible, so would be the array.
I seem to remember someone talking about a RPi zero or something to serve as a key server so to speak. So the array could start automatically providing the RPi was powered on.

CHBMB, Posted February 15, 2018
> 48 minutes ago, ljm42 said:
> I think you're looking for this:
Yep, that's the one, quite a nice little idea I thought.....

IamSpartacus (Author), Posted February 15, 2018
> 53 minutes ago, ljm42 said:
> I think you're looking for this:
Exactly. Thanks for this!

Trunkton, Posted January 4, 2019
Are there any guides for those of us who used a password over a keyfile?

bonienl, Posted January 4, 2019
A passphrase means manual input. You can however store the passphrase in a file to do automation.

rasmus, Posted January 13, 2020
@bonienl Has this changed since @SpaceInvaderOne made his video? He was using a passphrase and Unraid generated a keyfile from that afterwards. But I cannot get it to do the same on mine though.

teh0wner, Posted May 2, 2020
> On 1/13/2020 at 10:56 PM, rasmus said:
> @bonienl Has this changed since @SpaceInvaderOne made his video? He was using a passphrase and Unraid generated a keyfile from that afterwards. But I cannot get it to do the same on mine though.
Have you ever figured this out? Fell into the same trap myself.

rasmus, Posted May 7, 2020
@teh0wner I did end up fixing it! What I did was put the passphrase in a text file on my DNS server and make my Unraid server retrieve it at every boot, meaning that if it ever was taken away from here it wouldn't decrypt the disks. I did this using some scripts for adding an SSH key to my server at every boot and another script that uses said key to retrieve the passphrase file with passwordless rsync. DM me if you want a more in-depth guide.

rasmus, Posted June 22, 2020
@teh0wner Yeah, I did end up fixing it! I tried using the passphrase and putting it in a file, which did not work. Turns out that it was something with the ending of the file and the formatting as well. Easiest way to get it all correct is to do the following command on whatever machine you want the keyfile:
    echo "insert passphrase here" > keyfile
This will ensure the correct format and ending in the file.

Druiff, Posted August 1, 2020, edited August 1, 2020
> On 6/22/2020 at 11:20 AM, rasmus said:
> @teh0wner Yeah, I did end up fixing it! I tried using the passphrase and putting it in a file, which did not work. Turns out that it was something with the ending of the file and the formatting as well. Easiest way to get it all correct is to do the following command on whatever machine you want the keyfile:
>     echo "insert passphrase here" > keyfile
> This will ensure the correct format and ending in the file.
And make sure to use the right [ ' ]. Only use the one ' if you have any special characters in your passphrase. (I used printf as well instead of echo)

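
An added example (not code from any poster in this thread) for the keyfile "ending" issue raised in the two posts above: cryptsetup uses the whole content of a key file, newline included, so `echo` (which appends a newline) and `printf` (which does not) give different key material for the same passphrase. The function names and the script name `keyfile_check.sh` are assumptions of this example, and the sample passphrase is constructed.

```shell
#!/bin/sh
# Added example: inspect the bytes of a keyfile without printing the secret.
# A trailing LF, a CRLF or a UTF-8 BOM left by an editor changes the key even
# though the visible text looks identical.

hex() { od -An -tx1 | tr -d ' \n'; }

# Prints "size=N bom=yes|no ending=none|lf|crlf" for the file given as $1.
keyfile_report() {
    f=$1
    [ -f "$f" ] || { echo "missing"; return 1; }
    size=$(wc -c < "$f" | tr -d ' ')
    case $(head -c 3 "$f" | hex) in
        efbbbf) bom=yes ;;
        *)      bom=no ;;
    esac
    case $(tail -c 2 "$f" | hex) in
        0d0a) ending=crlf ;;
        *0a)  ending=lf ;;
        *)    ending=none ;;
    esac
    echo "size=$size bom=$bom ending=$ending"
}

# Succeeds when two files hold the same text and differ only in CR/LF bytes.
differs_only_in_line_ending() {
    cmp -s "$1" "$2" && return 1          # byte-identical: nothing to explain
    [ "$(tr -d '\r\n' < "$1" | hex)" = "$(tr -d '\r\n' < "$2" | hex)" ]
}

# With no argument, run on constructed sample files (not real keys).
demo() {
    d=$(mktemp -d) || return 1
    printf 'Constructed-Pass1' > "$d/printf.key"    # no trailing newline
    echo 'Constructed-Pass1' > "$d/echo.key"        # trailing LF
    for k in printf.key echo.key; do
        echo "$k: $(keyfile_report "$d/$k")"
    done
    rm -rf "$d"
}

# Stand-alone use: sh keyfile_check.sh /root/keyfile
if [ "$#" -gt 0 ]; then keyfile_report "$1"; else demo; fi
```

A candidate keyfile can then be checked against a LUKS device without unlocking it using `cryptsetup open --test-passphrase --key-file <file> <device>`.
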
ssinseeme, Posted February 3, 2021
Hi there, I am really struggling with this auto start. For now I want to try to auto start without FTP. I know it defeats the purpose of having an encrypted Unraid, but until I get a DNS that will host an FTP I want to autostart. I created a key file and in the keyfile added my passphrase, then I added this
    #!/bin/bash
    # Start the Management Utility
    /usr/local/sbin/emhttp &
    cp /boot/config/keyfile /root/keyfile
to my Go file, but it doesn't work?

beckp, Posted March 20, 2021
The key file needs to be available before emhttp starts. Change your go file to
    #!/bin/bash
    # Copy the key file into place before emhttp starts
    cp /boot/config/keyfile /root/keyfile
    # Start the Management Utility
    /usr/local/sbin/emhttp &

Danuel, Posted May 23, 2021, edited May 23, 2021
Hi, I decided to encrypt my array and am trying to use FTP on the local LAN to get the key. The problem I have is that it is not working; I get this message:
    Will not apply HSTS, The HSTS database must be a regular and non-world-writable file.
    ftp://192.198.1.35:22/urdk => ' /root/urdk'
    connecting to 192.168.1.35:22 ... connected.
But that was it; it is not taking the file. Any help, please?
PS: found the problem, it was the wrong port number :))

Mor9oth, Posted June 18, 2021
Hello! I hope someone can help me. For the last year my Unraid server autostarted the encrypted array automatically by downloading the keyfile from FTP. I used the guide from @SpaceInvaderOne, and it worked well until yesterday. Yesterday the array did not start and showed the message "wrong key", similar to what is shown in this thread: https://forums.unraid.net/topic/87488-new-unraid-server-reporting-invalid-encryption-key-after-reboot/?_fromLogin=1
Unfortunately, I have no idea what went wrong since I did not change anything. I checked the keyfile: with every reboot the keyfile is correctly downloaded to /root/keyfile as in the guide. I also did not change the password. The password has 11 characters and only letters and numbers. No special characters. It is very strange because I didn't change anything and the file is in /root. Any ideas on this?
