Autostarting Encrypted Array



3 minutes ago, pwm said:

If your machine autostarts the encrypted array, then I can come and pick up your machine and bring it home and have it autostart - what gain would you then get with the disk encryption?

 

I was thinking maybe someone else had configured their network in such a way as to where unRAID looks to a different server (local or remote via VPN) for the encryption key via an SSH (or otherwise secure) connection.  Thus if that server is taken offline or made inaccessible, so would be the array.

Edited by IamSpartacus
Link to comment
8 minutes ago, IamSpartacus said:

 

I was thinking maybe someone else had configured their network in such a way as to where unRAID looks to a different server (local or remote via VPN) for the encryption key via an SSH (or otherwise secure) connection.  Thus if that server is taken offline or made inaccessible, so would be the array.

 

I seem to remember someone talking about a RPi zero or something to serve as a key server so to speak.  So the array could start automatically providing the RPi was powered on.

Link to comment
  • 1 month later...
  • 9 months later...
  • 1 year later...
  • 3 months later...

@teh0wner I did end up fixing it!

What I did was put the passphrase in a text file on my DNS server and make my Unraid server retrieve it at every boot, meaning that if it ever was taken away from here it wouldn't decrypt the disks.

I did this using some scripts for adding an SSH key to my server at every boot and another script that uses said key to retrieve the passphrase file with passwordless rsync.

DM me if you want a more in-depth guide :)

 

Link to comment
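Added example, not the poster's scripts: one way to do the boot-time retrieval described above so that it fails closed, leaving no keyfile behind when the key server cannot be reached. It uses `ssh` with `cat` rather than rsync, and the user, host, remote path and identity file are hypothetical placeholders.

```shell
#!/bin/sh
# Added example, not the poster's scripts. All values below are hypothetical.
KEY_USER=${KEY_USER:-keyfetch}
KEY_HOST=${KEY_HOST:-keyhost.example.lan}
REMOTE_PATH=${REMOTE_PATH:-/srv/unraid/keyfile}
IDENTITY=${IDENTITY:-/root/.ssh/keyfetch_ed25519}

# Write the remote secret to stdout. BatchMode makes ssh fail instead of
# prompting; StrictHostKeyChecking=yes refuses a key server whose host key
# is not already in known_hosts.
fetch_secret() {
    ssh -i "$IDENTITY" -o BatchMode=yes -o ConnectTimeout=10 \
        -o StrictHostKeyChecking=yes \
        "$KEY_USER@$KEY_HOST" "cat '$REMOTE_PATH'"
}

# Install the keyfile at $1 only if the fetch succeeded and returned data.
# On any failure remove both the temp file and any stale keyfile (fail closed).
install_keyfile() {
    dest=$1
    tmp=$(mktemp "${dest}.XXXXXX") || return 1   # mktemp creates mode 0600
    if fetch_secret > "$tmp" && [ -s "$tmp" ]; then
        mv -f "$tmp" "$dest"
    else
        rm -f "$tmp" "$dest"
        return 1
    fi
}

# Run only when asked, e.g. from the boot script: sh fetch_key.sh --run
if [ "${1:-}" = "--run" ]; then
    install_keyfile /root/keyfile
fi
```

The identity file travels with the server, so the protection rests on the key server being unreachable from wherever a stolen machine is powered on.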
  • 1 month later...

@teh0wner Yeah I did end up fixing it!

I tried using the passphrase and putting it on a file which did not work. Turns out that it was something with the ending of the file and the formatting as well.

Easiest way to get it all correct is to do the following command on whatever machine you want the keyfile:

echo "insert passphrase here" > keyfile

This will ensure the correct format and ending in the file.

Link to comment
  • 1 month later...
On 6/22/2020 at 11:20 AM, rasmus said:

@teh0wner Yeah I did end up fixing it!

I tried using the passphrase and putting it on a file which did not work. Turns out that it was something with the ending of the file and the formatting as well.

Easiest way to get it all correct is to do the following command on whatever machine you want the keyfile:


echo "insert passphrase here" > keyfile

This will ensure the correct format and ending in the file.

 

And make sure to use the right [ ' ]. Only use the one ' if you have any special characters in your passphrase. xD
(I used printf as well instead of echo)

Edited by Druiff
Link to comment
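Added example (not from any poster in this thread): a shell check that reports the byte-level properties of a keyfile, the "ending" and "formatting" discussed above, without printing the secret. `echo` appends a newline byte, `printf '%s'` does not, and cryptsetup does not strip a newline when it reads a key file, so a keyfile only unlocks the array if it matches byte for byte what was enrolled. The function name `keyfile_report` is made up for this example.

```shell
#!/bin/sh
# Added example: inspect a keyfile's bytes without revealing its contents.
# keyfile_report is a constructed name, not an Unraid or cryptsetup tool.

# Prints one finding per line: size=<bytes>, then any of
# trailing_newline, carriage_return, utf8_bom.
keyfile_report() {
    f=$1
    if [ ! -r "$f" ]; then
        echo "unreadable"
        return 1
    fi
    size=$(wc -c < "$f" | tr -d ' ')
    echo "size=$size"
    # Last byte as hex; 0a is the newline that echo appends.
    last=$(tail -c 1 "$f" | od -An -tx1 | tr -d ' \n')
    if [ "$last" = "0a" ]; then
        echo "trailing_newline"
    fi
    # A 0d byte means CRLF line endings (Windows editor, ASCII-mode transfer).
    if od -An -tx1 "$f" | grep -q '0d'; then
        echo "carriage_return"
    fi
    # A UTF-8 byte order mark adds three invisible bytes at the start.
    first3=$(head -c 3 "$f" | od -An -tx1 | tr -d ' \n')
    if [ "$first3" = "efbbbf" ]; then
        echo "utf8_bom"
    fi
    return 0
}

# Usage: sh keyfile_report.sh /root/keyfile
if [ $# -gt 0 ]; then
    keyfile_report "$1"
fi
```

Comparing the report for the keyfile on the key server with the one that lands in /root/keyfile shows whether the transfer or an editor changed the bytes.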
  • 6 months later...

Hi there, I am really struggling with this autostart.

For now I want to try to autostart without FTP. I know it defeats the purpose of having an encrypted Unraid, but until I get a DNS that will host an FTP I want to autostart.

I created a keyfile, added my passphrase to it, and then added this

#!/bin/bash
# Start the Management Utility
/usr/local/sbin/emhttp &
cp /boot/config/keyfile /root/keyfile

to my go file, but it doesn't work?

Link to comment
  • 1 month later...
  • 2 months later...

Hi, I decided to encrypt my array and am trying to use FTP on the local LAN to get the key. The problem is that it is not working; I get this message:

 

Will not apply HSTS, The HSTS database must be a regular  and non-world-writable file.

ftp://192.198.1.35:22/urdk

=> ' /root/urdk'

connecting to 192.168.1.35:22 ... connected.

 

But that was it; it is not taking the file.

Any help, please.

PS: Found the problem: it was the wrong port number :))

Edited by Danuel
Link to comment
  • 4 weeks later...

Hello! I hope someone can help me. For the last year my Unraid server autostarted the encrypted array automatically by downloading the keyfile from FTP. I used the guide from @SpaceInvaderOne, and it worked well until yesterday. Yesterday the array did not start and showed the message "wrong key", similar to what is shown in this thread:

 

https://forums.unraid.net/topic/87488-new-unraid-server-reporting-invalid-encryption-key-after-reboot/?_fromLogin=1

 

Unfortunately, I have no idea what went wrong since I did not change anything. I checked the keyfile: with every reboot the keyfile is correctly downloaded to /root/keyfile as in the guide. I also did not change the password. The password has 11 characters and only letters and numbers. No special characters. It is very strange because I didn't change anything and the file is in /root.

 

Any ideas on this?

Screenshot Capture - 2021-06-18 - 10-44-16.png

Link to comment
