Shell script: Opens LUKS Partition and Sets Up a Mapping [ Mounting Encrypted Partition ]

in Security last updated December 4, 2011

Linux comes with the cryptsetup command. It is used to setup dm-crypt (transparent disk encryption subsystem in Linux kernel) managed device-mapper mappings. This shell script can be used to mount dm-crypt based partitions with passphrase:

#!/bin/bash
# A simple shell to mount disk encryption based parition under Linux.
# Tested on Debian and Ubuntu base NAS servers.
# ----------------------------------------------------------------------------
# Written by Vivek Gite <http://www.cyberciti.biz/>
# (c) 2008 nixCraft under GNU GPL v2.0+
# ----------------------------------------------------------------------------
# Last updated: 05/Dec/2011
# ----------------------------------------------------------------------------
 
### commands ###
_crypt="/sbin/cryptsetup"
_vg="/sbin/vgscan"
_vgc="/sbin/vgchange"
_mnt="/bin/mount"
 
### SET ME FIRST ###
### Partition specific settings ###
### SET ME FIRST ###
_device="/dev/md3"
_name="securebackup"
_mnts="/dev/cryptvg/mybackup "
_mntd="/securebackup/"
 
echo 
${_crypt} luksOpen ${_device} $_name
 
echo 
${_vg} --mknodes
${_vgc} -ay
 
echo 
${_mnt} ${_mnts} ${_mntd}

This script is stored on our nas server. All backups are on RAID-6 disks are encrypted. The nas server is online 24×7. After rebooting the server you need to run this script to mount the dm-crypt based partition. A sample session is as follows:
$ ssh vivek@nas112.backup.lan.nixcraft.co.in $ sudo /usr/local/sbin/mount.crypt
Sample outputs:

Enter passphrase for /dev/md3: 

  Reading all physical volumes.  This may take a while...
  Found volume group "cryptvg" using metadata type lvm2
  1 logical volume(s) in volume group "cryptvg" now active

Verify disk space and newly mounted partition:
$ df -H
Sample outputs:

Filesystem             Size   Used  Avail Use% Mounted on
/dev/md0               127G   930M   120G   1% /
tmpfs                  1.1G      0   1.1G   0% /lib/init/rw
udev                   1.1G   267k   1.1G   1% /dev
tmpfs                  1.1G      0   1.1G   0% /dev/shm
/dev/md2               1.6T    88G   1.5T   6% /data
/dev/mapper/cryptvg-mybackup
                       635G    59G   544G  10% /securebackup

Tagged as: bash commands, crypt, cryptsetup command, disk encryption, kernel, linux, mapper, mount command, partition, shell script, vg, vgchange command, vgscan command

1 comment

Dinesh says:
December 14, 2011 at 2:15 pm
Hi folks,
Any body having goood snmp notes with all it command. I apreciate if anybody provides asap.

Have a question? Post it on our forum!