bphillips330 Posted April 8, 2018 Share Posted April 8, 2018 Avid Arch Linux user switching to Unraid. Currently zeroing couple drives to start an array (this takes forever ha) My other data drives, were NOT raided, and all were luks encrypted. My question is, How can I mount those drives to copy the data off to the new array? Can I mount those drives and use them to copy off via the gui? If I go to console and do the cryptsetup commands to mount them there. Does that break anything? Can I do stuff in the terminal with the drives, or is it recommended to do everything in the gui? Thanks for all the help! Link to comment
John_M Posted April 8, 2018 Share Posted April 8, 2018 The way to mount drives outside of the array is to use the Unassigned Devices plugin. It was fairly recently updated to allow encrypted volumes to be mounted but I haven't tried it myself as I have no use for encrypted disks. The support thread is very long so I suggest you read the first post and then jump forward to this one to see if it helps as there are certain restrictions. Link to comment
tr0910 Posted April 9, 2018 Share Posted April 9, 2018 At this point, unRaid crypto is a bit inflexible as it requires all drive to have the same crypto key/passphrase. And you must have an array drive already encrypted before UD will allow you to attach an encrypted drive. Others have noted that UD will likely need to be more flexible and support different keyphrases as you are unlikely to want all your unassigned drives encrypted with the same key. See here: Link to comment
pwm Posted April 9, 2018 Share Posted April 9, 2018 2 hours ago, tr0910 said: Others have noted that UD will likely need to be more flexible and support different keyphrases as you are unlikely to want all your unassigned drives encrypted with the same key. It isn't really that much of a problem to have the same passphrase for all disks - the passphrase isn't the actual encryption key and you can have up to 8 passphrases. That means that an external disk can be given one passphrase for use on your unRAID machine while it uses a completely different passphrase when connected to another machine. It also means that you can change unlocking passphrase quickly without affecting the actual disk encryption. Link to comment
tr0910 Posted April 9, 2018 Share Posted April 9, 2018 I suppose you could work that way. But best practice would be to have actual different encyption for different drives. Suppose that one encrypted drive is shared with clients. Link to comment
pwm Posted April 9, 2018 Share Posted April 9, 2018 13 minutes ago, tr0910 said: I suppose you could work that way. But best practice would be to have actual different encyption for different drives. Suppose that one encrypted drive is shared with clients. Every single drive uses a unique encryption key for the actual encryption. This is an encryption key you would normally never see, since you supply a passphrase or key file to unlock the encryption key. And the whole point of LUKS supporting 8 different passphrases is that you can create a unique passphrase for the disk you want to share with a client - they do not need to know the passphrase you use when you connect the same drive to your unRAID machine. The passphrase you give them will only unlock disks that have that passphrase associated. And after they unlock the disk, they will still not be able to steal any encryption key for any other disk since every single disk always uses unique encryption keys. Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.