February 14, 2018

For any of you using disk encryption, are you manually entering the passphrase on each restart or have you found a way to automate the process while still keeping it secure?
February 15, 2018

If your machine autostarts the encrypted array, then I can come and pick up your machine and bring it home and have it autostart - what gain would you then get with the disk encryption?
February 15, 2018 (Author)

3 minutes ago, pwm said:
> If your machine autostarts the encrypted array, then I can come and pick up your machine and bring home and have it autostart - what gain would you then get with the disk encryption?

I was thinking maybe someone else had configured their network in such a way that unRAID looks to a different server (local or remote via VPN) for the encryption key via an SSH (or otherwise secure) connection. Thus if that server is taken offline or made inaccessible, so would be the array.

Edited February 15, 2018 by IamSpartacus
February 15, 2018

8 minutes ago, IamSpartacus said:
> I was thinking maybe someone else had configured their network in such a way as to where unRAID looks to a different server (local or remote via VPN) for the encryption key via an SSH (or otherwise secure) connection. Thus if that server is taken offline or made inaccessible, so would be the array.

I seem to remember someone talking about an RPi Zero or something to serve as a key server, so to speak. So the array could start automatically, provided the RPi was powered on.
February 15, 2018

48 minutes ago, ljm42 said:
> I think you're looking for this:

Yep, that's the one, quite a nice little idea I thought.....
February 15, 2018 (Author)

53 minutes ago, ljm42 said:
> I think you're looking for this:

Exactly. Thanks for this!
January 4, 2019

A passphrase means manual input. You can however store the passphrase in a file to do automation.
January 13, 2020

@bonienl Has this changed since @SpaceInvaderOne made his video? He was using a passphrase and Unraid generated a keyfile from that afterwards. But I cannot get it to do the same on mine though.
May 2, 2020

On 1/13/2020 at 10:56 PM, rasmus said:
> @bonienl Has this changed since @SpaceInvaderOne made his video? He was using a passphrase and unraid generated a keyfile from that afterwards. But i can not get it to do the same on mine though.

Have you ever figured this out? Fell into the same trap myself.
May 7, 2020

@teh0wner I did end up fixing it! What I did was put the passphrase in a text file on my DNS server and make my Unraid server retrieve it at every boot, meaning that if it ever was taken away from here it wouldn't decrypt the disks. I did this using some scripts for adding an SSH key to my server at every boot and another script that uses said key to retrieve the passphrase file with passwordless rsync. DM me if you want a more in-depth guide.
June 22, 2020

@teh0wner Yeah, I did end up fixing it! I tried using the passphrase and putting it in a file, which did not work. Turns out that it was something with the ending of the file and the formatting as well. The easiest way to get it all correct is to run the following command on whatever machine you want the keyfile on:

echo "insert passphrase here" > keyfile

This will ensure the correct format and ending in the file.
August 1, 2020

On 6/22/2020 at 11:20 AM, rasmus said:
> @teh0wner Yeah i did end up fixing it! I tried using the passphrase and putting it on a file which did not work. Turns out that it was something with the ending of the file and the formatting as well. Easiest way to get it all correct is to do the following command on whatever machine you want the keyfile: echo "insert passphrase here" > keyfile This will ensure the correct format and ending in the file.

And make sure to use the right [ ' ]. Only use the one ' if you have any special characters in your passphrase. (I used printf as well instead of echo.)

Edited August 1, 2020 by Druiff
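An added example, not part of any post in this thread: the "ending of the file" and quoting points from the two posts above, in shell. cryptsetup reads a key file byte for byte, so a trailing newline left by echo, or a `$` expanded inside double quotes, gives different key material than the passphrase as typed. The function names and the sample passphrase are constructed for this example.

```shell
#!/bin/sh
# Added example: write a key file without a trailing newline and inspect one
# that unexpectedly stops unlocking the array.

# write_keyfile PASSPHRASE PATH
# Writes exactly the passphrase bytes, readable by the owner only.
write_keyfile() {
    local pass="$1" path="$2"
    ( umask 077; printf '%s' "$pass" > "$path" )
    chmod 600 "$path"
}

# keyfile_ending PATH -> prints empty | crlf | newline | clean
keyfile_ending() {
    local path="$1" tail_hex
    [ -s "$path" ] || { echo empty; return; }
    # Hex of the last two bytes, e.g. "0d0a" for a Windows line ending.
    tail_hex=$(tail -c 2 "$path" | od -An -tx1 | tr -d ' \n')
    case "$tail_hex" in
        0d0a) echo crlf ;;
        *0a)  echo newline ;;
        *)    echo clean ;;
    esac
}

# keyfile_matches PASSPHRASE PATH -> exit 0 only if the file holds exactly
# the passphrase bytes (compared by SHA-256 so nothing is printed).
keyfile_matches() {
    local want got
    want=$(printf '%s' "$1" | sha256sum | cut -d' ' -f1)
    got=$(sha256sum < "$2" | cut -d' ' -f1)
    [ "$want" = "$got" ]
}

# Demo with a constructed passphrase containing shell-special characters.
demo_dir=$(mktemp -d)
write_keyfile 'pa$$w0rd!' "$demo_dir/printf_single"
echo 'pa$$w0rd!' > "$demo_dir/echo_single"      # adds a trailing newline
echo "pa$$w0rd!" > "$demo_dir/echo_double"      # $$ becomes the shell's PID
for f in printf_single echo_single echo_double; do
    if keyfile_matches 'pa$$w0rd!' "$demo_dir/$f"; then r=match; else r=MISMATCH; fi
    echo "$f: ending=$(keyfile_ending "$demo_dir/$f") $r"
done
rm -rf "$demo_dir"
```

Running `keyfile_ending /root/keyfile` on the server after boot shows whether the copy or download step changed the file's last bytes.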
February 3, 2021

Hi there, I am really struggling with this auto start. For now I want to try to auto start without FTP. I know it defeats the purpose of having an encrypted Unraid, but until I get a DNS that will host an FTP I want to autostart. I created a key file, added my passphrase to it, and then added this

#!/bin/bash
# Start the Management Utility
/usr/local/sbin/emhttp &
cp /boot/config/keyfile /root/keyfile

to my go file, but it doesn't work?
March 20, 2021

The key file needs to be available before emhttp starts. Change your go file to

#!/bin/bash
cp /boot/config/keyfile /root/keyfile
# Start the Management Utility
/usr/local/sbin/emhttp &
May 23, 2021

Hi, I decided to encrypt my array and am trying to use FTP on the local LAN to get the key. The problem I have is that it is not working; I get this message:

Will not apply HSTS, The HSTS database must be a regular and non-world-writable file.
ftp://192.198.1.35:22/urdk => ' /root/urdk'
connecting to 192.168.1.35:22 ... connected.

But that was it, it is not fetching the file. Any help please?

PS: found the problem, it was the wrong port number :))

Edited May 23, 2021 by Danuel
June 18, 2021

Hello! I hope someone can help me. For the last year my Unraid server started the encrypted array automatically by downloading the keyfile from FTP. I used the guide from @SpaceInvaderOne, and it worked well until yesterday. Yesterday the array did not start and showed the message "wrong key", similar to what is shown in this thread: https://forums.unraid.net/topic/87488-new-unraid-server-reporting-invalid-encryption-key-after-reboot/?_fromLogin=1

Unfortunately, I have no idea what went wrong since I did not change anything. I checked the keyfile: with every reboot the keyfile is correctly downloaded to /root/keyfile as in the guide. I also did not change the password. The password has 11 characters and only letters and numbers. No special characters. It is very strange because I didn't change anything and the file is in /root. Any ideas on this?
This topic is now archived and is closed to further replies.