HOWTO Setup encrypted external drive mounted at boot

tylerdurden
Posts: 1
Joined: 2018-07-11 14:43

HOWTO Setup encrypted external drive mounted at boot

#1 Post by tylerdurden »

This explains how I encrypted an external 1Tb hard drive with an XFS file system which is mounted automatically at boot when present. I'm using it for backup purposes.

System used:

    Linux debian 4.9.0-6-amd64 #1 SMP Debian 4.9.88-1+deb9u1 (2018-05-07) x86_64 GNU/Linux

1. DISK SETUP

This assumes the device is /dev/sdb.
Everything must be done as root.

Partition disk if needed by setting up a Linux lvm partition:

    $ cfdisk /dev/sdb

or

    $ fdisk /dev/sdb

Wipe the partition. WARNING: will take a while.

    $ dd if=/dev/zero of=/dev/sdb1 bs=4M    # target the partition; zeroing /dev/sdb would erase the partition table created above

Set up encryption on device:

    $ cryptsetup luksFormat /dev/sdb1

Open encrypted partition:

    $ cryptsetup luksOpen /dev/sdb1 backup  # creates /dev/mapper/backup

Create XFS file system:

    $ mkfs.xfs /dev/mapper/backup           # install "xfsprogs" if absent

2. MOUNTPOINT SETUP

Allow device, if present, to be mounted automatically at boot, and be prompted for password.

Create mountpoint, e.g. /backup

    $ mkdir /backup

Find out UUID of /dev/sdb1 with any of the following:

    $ blkid
    $ ls -lha /dev/disk/by-uuid
    $ lsblk -f

For instance:

    $ lsblk -f
    sdb
    └─sdb1                  crypto_LUKS       e616b645-de31-46d0-9cf6-82e10d4f861b
      └─backup              xfs               b9931a95-3197-41d4-943f-69af29fc6eb8

Edit /etc/crypttab by adding the following line:

    backup  UUID=<uuid of /dev/sdb1>     none    luks,nofail

"None" means the system will ask for the password as we're not using a keyfile. The "nofail" option will ensure that the system doesn't hang when the device isn't present. See "man crypttab" for more options.

Add the encrypted file system to /etc/fstab:

    /dev/mapper/backup  /backup     xfs     nofail,noatime,rw,user,x-systemd.device-timeout=30  0   2

The systemd device timeout is optional. See here for more info.

Mount all with:

    mount -a

Reboot the system. While booting, the system will attempt to mount the device and prompt for a password, if it's plugged in. If not, it will ignore it.

3. ALLOW USERS TO WRITE TO EXTERNAL HARD DRIVE

Allow users to read and write to the external hard drive without changing ownership and permissions of the mountpoint /backup when the device is not mounted.

As root, mount /backup and then change ownership as needed. For instance:

    $ mount /backup
    $ chown user:users /backup

When mounted, ownership/permissions will then be:

    $ ls -ld /backup
    drwxr-xr-x 3 user users 57 jui 11 00:46 /backup

When not mounted, ownership/permissions will be:

    $ ls -ld /backup
    drwxr-xr-x 2 root root 4096 jui 10 20:05 /backup

When the external hard drive is plugged in, the system will notify you and ask for a password. Alternatively, mount the drive from the desktop. It will ask you to provide the password for device /dev/mapper/backup. It will be mounted under /backup if you followed this tutorial.

Hope this is useful. Comments and additional tips are welcome.
Last edited by tylerdurden on 2018-07-11 17:01, edited 1 time in total.
Debian 9.5 Stretch
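
Added example, not part of the original post: a pre-reboot check that the /etc/crypttab and /etc/fstab entries from the HOWTO above agree with each other, and that the crypttab UUID is the crypto_LUKS container's UUID (sdb1 in the lsblk output) rather than the XFS file system's. The function names and the saved `lsblk -rno UUID,FSTYPE` file are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the crypttab/fstab pair.
# Usage as root:  lsblk -rno UUID,FSTYPE > /tmp/blk.txt
#                 check_backup_entries /etc/crypttab /etc/fstab backup /tmp/blk.txt

# has_opt OPTIONS NAME: true if NAME appears in the comma-separated OPTIONS
has_opt() { case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac; }

# Prints one line per problem found; returns 0 when there are none.
check_backup_entries() {
    crypttab=$1 fstab=$2 name=$3 blk=$4 rc=0

    # crypttab fields: target name, source device, key file, options
    entry=$(awk -v n="$name" '$1 == n { print $2, $3, $4; exit }' "$crypttab")
    if [ -z "$entry" ]; then
        echo "crypttab: no entry for $name"; rc=1
    else
        read -r src key opts <<EOF
$entry
EOF
        case $src in
            UUID=*)  # look the UUID up in the saved lsblk output
                fstype=$(awk -v u="${src#UUID=}" '$1 == u { print $2; exit }' "$blk")
                [ "$fstype" = crypto_LUKS ] ||
                    { echo "crypttab: UUID is '${fstype:-unknown}', not the crypto_LUKS container"; rc=1; } ;;
            *)  echo "crypttab: source $src is not UUID=..., sdX names can change"; rc=1 ;;
        esac
        [ "$key" = none ] || { echo "crypttab: key field is '$key', a passphrase prompt needs none"; rc=1; }
        has_opt "$opts" luks   || { echo "crypttab: option luks missing"; rc=1; }
        has_opt "$opts" nofail || { echo "crypttab: option nofail missing, boot may hang without the drive"; rc=1; }
    fi

    # fstab fields: device, mountpoint, type, options, dump, pass
    fsopts=$(awk -v d="/dev/mapper/$name" '$1 == d { print $4; exit }' "$fstab")
    if [ -z "$fsopts" ]; then
        echo "fstab: no entry for /dev/mapper/$name"; rc=1
    else
        has_opt "$fsopts" nofail || { echo "fstab: option nofail missing"; rc=1; }
    fi
    return $rc
}
```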

cds60601
df -h | participant
Posts: 698
Joined: 2017-11-25 05:58
Location: Florida
Has thanked: 129 times
Been thanked: 59 times

Re: HOWTO Setup encrypted external drive mounted at boot

#2 Post by cds60601 »

See this thread for an alternative way (possibly easier)
http://forums.debian.net/viewtopic.php? ... 74#p674155
Supercalifragilisticexpialidocious
