Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Autostarting Encrypted Array

Featured Replies

For any of you using disk encryption, are you manually entering the passphrase on each restart or have you found a way to automate the process while still keeping it secure?

  • Author

Is no one using encryption or am I just missing something silly?

If your machine autostarts the encrypted array, then I can come and pick up your machine and bring  home and have it autostart - what gain would you then get with the disk encryption?

  • Author
3 minutes ago, pwm said:

If your machine autostarts the encrypted array, then I can come and pick up your machine and bring  home and have it autostart - what gain would you then get with the disk encryption?

 

I was thinking maybe someone else had configured their network in such a way as to where unRAID looks to a different server (local or remote via VPN) for the encryption key via an SSH (or otherwise secure) connection.  Thus if that server is taken offline or made inaccessible, so would be the array.

Edited by IamSpartacus

8 minutes ago, IamSpartacus said:

 

I was thinking maybe someone else had configured their network in such a way as to where unRAID looks to a different server (local or remote via VPN) for the encryption key via an SSH (or otherwise secure) connection.  Thus if that server is taken offline or made inaccessible, so would be the array.

 

I seem to remember someone talking about a RPi zero or something to serve as a key server so to speak.  So the array could start automatically providing the RPi was powered on.

48 minutes ago, ljm42 said:

I think you're looking for this: 

 

 

Yep, that's the one, quite a nice little idea I thought..... :)

 

  • Author
53 minutes ago, ljm42 said:

I think you're looking for this: 

 

 

 

Exactly.  Thanks for this!

  • 1 month later...
  • 9 months later...

Are there any guides for those of us who used a password over a keyfile?

A passphrase means manual input. You can however store the passphrase in a file to do automation.

  • 1 year later...

@bonienl Has this changed since @SpaceInvaderOne made his video?
He was using a passphrase and unraid generated a keyfile from that afterwards.

 

But i can not get it to do the same on mine though.

  • 3 months later...
On 1/13/2020 at 10:56 PM, rasmus said:

@bonienl Has this changed since @SpaceInvaderOne made his video?
He was using a passphrase and unraid generated a keyfile from that afterwards.

 

But i can not get it to do the same on mine though.

Have you ever figured this out?

Fell into the same trap myself.

@teh0wner i did end up fixing it!

What i did was putting the passphrase in a text file on my dns server and make my unraid server retrieve it at every boot meaning that if it ever was taken away from here it wouldn't decrypt the disks.

I did this using some scripts for adding a ssh key to my server at every boot and another script that uses said key to retrieve the passphrase file with passwordless rsync.

 

DM me if you want a more in depth guide :)

 

  • 1 month later...

@teh0wner Yeah i did end up fixing it!

I tried using the passphrase and putting it on a file which did not work. Turns out that it was something with the ending of the file and the formatting as well.

Easiest way to get it all correct is to do the following command on whatever machine you want the keyfile:

echo "insert passphrase here" > keyfile

This will ensure the correct format and ending in the file.

  • 1 month later...
On 6/22/2020 at 11:20 AM, rasmus said:

@teh0wner Yeah i did end up fixing it!

I tried using the passphrase and putting it on a file which did not work. Turns out that it was something with the ending of the file and the formatting as well.

Easiest way to get it all correct is to do the following command on whatever machine you want the keyfile:


echo "insert passphrase here" > keyfile

This will ensure the correct format and ending in the file.

 

And make sure to use the right [ ' ]. Only use the one ' if you have any special characters in your passphrase. xD
(i used printf as well instead of echo)

Edited by Druiff

  • 6 months later...

Hi  there, i am really struggling with this auto start.

for know i want to try to auto start without FTP i know it defeat the purpose of having an encrypted unraid but until i get a DNS that will host an FTP i want to autostart.

I created a key file and in the keyfile and  added  my passphrase,  then i added this 

#!/bin/bash
# Start the Management Utility
/usr/local/sbin/emhttp &
cp /boot/config/keyfile /root/keyfile

to my Go file, but it doesn't work? 

  • 1 month later...

The key file needs to be available before emhttp starts. 

Change your go file to

 

#!/bin/bash

cp /boot/config/keyfile /root/keyfile

# Start the Management Utility

/usr/local/sbin/emhttp &

  • 2 months later...

hi i decided to encrypt my array and trying to use with FTP  on local LAN to get the key, the problem i have is not working, i get this message 

 

Will not apply HSTS, The HSTS database must be a regular  and non-world-writable file.

ftp://192.198.1.35:22/urdk

=> ' /root/urdk'

connecting to 192.168.1.35:22 ... connected.

 

but that was it, is not taking the file

 

 

any help please

 

PS: found the problem was wrong port number :))

Edited by Danuel

  • 4 weeks later...

Hello! I hope someone can help me. For the last year my unraid server autostarted the encrypted array automatically by downloading the keyfile from FTP. I used the guide from @SpaceInvaderOne, and it worked well until yesterday. Yesterday the array did not start and showed up the message "wrong key", similar like shown in this thread:

 

https://forums.unraid.net/topic/87488-new-unraid-server-reporting-invalid-encryption-key-after-reboot/?_fromLogin=1

 

Unfortunately, I have no idea what went wrong since I did not change anything. I checked the keyfile: With every reboot the keyfile will be correctly downloaded to /root/keyfile as in the guide. I also did not change the password. The password has 11 Characters and only letters and numbers. No special characters. It is very strange because I didn't change anything and the file is in /root.

 

Any ideas on this?

Screenshot Capture - 2021-06-18 - 10-44-16.png

Does it work if you add the key manually?

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.