Shell script: Opens LUKS Partition and Sets Up a Mapping [ Mounting Encrypted Partition ]

by Vivek Gite on December 4, 2011

Linux comes with the cryptsetup command. It is used to setup dm-crypt (transparent disk encryption subsystem in Linux kernel) managed device-mapper mappings. This shell script can be used to mount dm-crypt based partitions with passphrase:

#!/bin/bash
# A simple shell to mount disk encryption based parition under Linux.
# Tested on Debian and Ubuntu base NAS servers.
# ----------------------------------------------------------------------------
# Written by Vivek Gite <http://www.cyberciti.biz/>
# (c) 2008 nixCraft under GNU GPL v2.0+
# ----------------------------------------------------------------------------
# Last updated: 05/Dec/2011
# ----------------------------------------------------------------------------
### commands ###
_crypt="/sbin/cryptsetup"
_vg="/sbin/vgscan"
_vgc="/sbin/vgchange"
_mnt="/bin/mount"
### SET ME FIRST ###
### Partition specific settings ###
### SET ME FIRST ###
_device="/dev/md3"
_name="securebackup"
_mnts="/dev/cryptvg/mybackup "
_mntd="/securebackup/"
echo
${_crypt} luksOpen ${_device} $_name
echo
${_vg} --mknodes
${_vgc} -ay
echo
${_mnt} ${_mnts} ${_mntd}

#!/bin/bash

# A simple shell to mount disk encryption based parition under Linux.

# Tested on Debian and Ubuntu base NAS servers.

# ----------------------------------------------------------------------------

# Written by Vivek Gite <http://www.cyberciti.biz/>

# ----------------------------------------------------------------------------

# Last updated: 05/Dec/2011

# ----------------------------------------------------------------------------

### commands ###

_crypt="/sbin/cryptsetup"

_vg="/sbin/vgscan"

_vgc="/sbin/vgchange"

_mnt="/bin/mount"

### SET ME FIRST ###

### Partition specific settings ###

### SET ME FIRST ###

_device="/dev/md3"

_name="securebackup"

_mnts="/dev/cryptvg/mybackup "

_mntd="/securebackup/"

echo

${_crypt} luksOpen ${_device} $_name

echo

${_vg} --mknodes

${_vgc} -ay

echo

${_mnt} ${_mnts} ${_mntd}

This script is stored on our nas server. All backups are on RAID-6 disks are encrypted. The nas server is online 24×7. After rebooting the server you need to run this script to mount the dm-crypt based partition. A sample session is as follows:
$ ssh vivek@nas112.backup.lan.nixcraft.co.in $ sudo /usr/local/sbin/mount.crypt
Sample outputs:

Enter passphrase for /dev/md3:
  Reading all physical volumes.  This may take a while...
  Found volume group "cryptvg" using metadata type lvm2
  1 logical volume(s) in volume group "cryptvg" now active

Enter passphrase for /dev/md3:

Reading all physical volumes. This may take a while...

Found volume group "cryptvg" using metadata type lvm2

1 logical volume(s) in volume group "cryptvg" now active

Verify disk space and newly mounted partition:
$ df -H
Sample outputs:

Filesystem             Size   Used  Avail Use% Mounted on
/dev/md0               127G   930M   120G   1% /
tmpfs                  1.1G      0   1.1G   0% /lib/init/rw
udev                   1.1G   267k   1.1G   1% /dev
tmpfs                  1.1G      0   1.1G   0% /dev/shm
/dev/md2               1.6T    88G   1.5T   6% /data
/dev/mapper/cryptvg-mybackup
                       635G    59G   544G  10% /securebackup

Filesystem Size Used Avail Use% Mounted on

/dev/md0 127G 930M 120G 1% /

tmpfs 1.1G 0 1.1G 0% /lib/init/rw

udev 1.1G 267k 1.1G 1% /dev

tmpfs 1.1G 0 1.1G 0% /dev/shm

/dev/md2 1.6T 88G 1.5T 6% /data

/dev/mapper/cryptvg-mybackup

635G 59G 544G 10% /securebackup

Tagged as: bash commands, crypt, cryptsetup command, disk encryption, kernel, linux, mapper, mount command, partition, shell script, vg, vgchange command, vgscan command

{ 1 comment… add one }

Dinesh December 14, 2011, 2:15 pm
Hi folks,
Any body having goood snmp notes with all it command. I apreciate if anybody provides asap.
Reply Link

Next Script: Simple Shell Script To Wake Up NAS Devices Using Linux or Unix Computer

Previous Script: Linux Shell Script To Backup and Restore MBR (Master Boot Recored)