个人工具
登录
查看“UbuntuHelp:FeistyLUKSTwoFormFactor”的源代码 - Ubuntu中文
UbuntuHelp
讨论
查看源代码
历史
搜索
导航
首页
最近更改
随机页面
页面分类
帮助
编辑
编辑指南
沙盒
新闻动态
字词处理
工具
链入页面
相关更改
特殊页面
页面信息
查看“UbuntuHelp:FeistyLUKSTwoFormFactor”的源代码
来自Ubuntu中文
←
UbuntuHelp:FeistyLUKSTwoFormFactor
跳转至:
导航
,
搜索
因为以下原因,你没有权限编辑本页:
您所请求的操作仅限于该用户组的用户使用:
用户
您可以查看与复制此页面的源代码。
== Setup Two Form Factor LUKS Whole Disk Encryption == If you've successfully booted into the single form factor LUKS encrypted whole disk installation then you can continue setting up the system with the USB cryptKey for Two Form Factor authentication. === Edit /etc/crypttab === Edit the `/etc/crypttab` file to reflect the items for Two Form authentication. Use the '''#FILENAME.luks''' from the random key step. Include a path if your encrypted USB flash drive filesystem has a directory structure that you are using to manage files. e.g., Under `/mnt/cryptkey/serverkeys` or `/mnt/cryptkey/laptopkey` etc. The '''#PATH''' is relative to the mount point. So, #PATH would be `serverkeys/#FILENAME.luks` or `laptopkey/#FILENAME.luks` <pre><nowiki> echo cryptVault /dev/sda3 /dev/cryptKey luks,cipher=aes-cbc-essiv:sha256,hash=sha512,lvm=vg00-lvroot,keyscript=/bin/usbcryptkey,twoform=/#PATH#FILENAME.luks >> /etc/crypttab </nowiki></pre> '''DELETE the original cryptValut entry which doesn't depend on the USB cryptKey''' === Open USB cryptKey === The `usbcryptkey` script should exist in `/bin`. ''If you have changed the location for `usbcryptkey` then you'll need to accomodate for that change in the `/etc/crypttab` file you just modified.'' If not currently mounted the script will prompt for the passphrase and mount the device. <pre><nowiki> usbcryptkey /dev/cryptKey </nowiki></pre> === Add Random Generated Key === Add the new key file to the root `cryptVault`. This should add to Slot 1. When you add the key you'll be prompted for a passphrase. The passphrase is the one used when setting up `/dev/sda3` ''not'' the passphrase used for the USB cryptKey. <pre><nowiki> cryptsetup luksAddKey /dev/sda3 /mnt/cryptkeys/#PATH#FILENAME.luks </nowiki></pre> === Update initramfs Image === Armed with the settings for Two Form authentication to unlock your system update the initramfs image to contain the new changes. <pre><nowiki> update-initramfs -u ALL </nowiki></pre> === Close USB cryptKey === <pre><nowiki> cd / usbcryptkey /dev/cryptKey </nowiki></pre> === Reboot === <pre><nowiki> reboot </nowiki></pre>
返回至
UbuntuHelp:FeistyLUKSTwoFormFactor
。