Problems mounting an encrypted volume on a different computer

11.04 10.04 mount encryption usb-drive
8,263

It seems trouble around automount feature.
Try uncheck this option and mount/unmount drive after logout/login.

Just due to mount/unmount of encrypted drives requires a bit more time for this operation - with automount option it can bring such little confuse. Logically.

But in practice it can be also multiuser exploring of your drives, by edge case.

Refer to this tutorial about two types of partition mounting:

I recommend you read part called "Unmounting a partition to prevent unwanted access".

Post Updates

WebUpd8.org post around mount/unmount :
How to remove mounted drives from the Ubuntu Unity launcher

LUKS encryption related

Official LUKS project: http://code.google.com/p/cryptsetup
FAQ: LUKS Frequently Asked Questions

Obviously it seems can be Natty Narwhal specific bug.
Need to say what launchpad fix especially for natty won't be released.
However, bug fixes for other distributions is exist.

Links for you:
LUKS: General Questions: 1.3 System Specific warnings
LUKS: Common Problems
LUKS: Issues with Specific Versions of cryptsetup

As edge solution you can add new and then remove old LUKS encryption key:

   $ sudo cryptsetup luksAddKey /dev/sdb [key|keyfile]  
   $ sudo cryptsetup luksRemoveKey /dev/sdb [key|keyfile]

From LUKS: Common Problems: 3.4 Unlocking a LUKS device takes very long. Why?

The iteration time for a key-slot (see Section 5 for an explanation what iteration does) is calculated when setting a passphrase. By default it is 1 second on the machine where the passphrase is set. If you set a passphrase on a fast machine and then unlock it on a slow machine, the unlocking time can be much longer. Also take into account that up to 8 key-slots have to be tried in order to find the right one.

If this is problem, you can add another key-slot using the slow machine with the same passphrase and then remove the old key-slot. The new key-slot will have an iteration count adjusted to 1 second on the slow machine. Use luksKeyAdd and then luksKillSlot or luksRemoveKey.

However, this operation will not change volume key iteration count (MK iterations in output of "cryptsetup luksDump"). In order to change that, you will have to backup the data in the LUKS container (i.e. your encrypted data), luksFormat on the slow machine and restore the data. Note that in the original LUKS specification this value was fixed to 10, but it is now derived from the PBKDF2 benchmark as well and set to iterations in 0.125 sec or 1000, whichever is larger. Also note that MK iterations are not very security relevant. But as each key-slot already takes 1 second, spending the additional 0.125 seconds really does not matter.

Another LUKS tutorial:
HOWTO: Automatically Unlock LUKS Encrypted Drives With A Keyfile

Share:
8,263

Related videos on Youtube

HorusKol
Author by

HorusKol

Software developer.

Updated on September 18, 2022

Comments

  • HorusKol
    HorusKol over 1 year

    I have a set of external hard drives that I use for backups of my photos and images. They were formatted as EXT4 and setup with encryption from a laptop running Ubuntu 10.04 - and I've had no problems with mounting and running rsync on my image folders to backup new files to the disks.

    I recently acquired a netbook for travel purposes, and am trying to get the drives to also work on this so I can make backups while on holiday. The netbook is running Ubuntu 11.04.

    When I first plugged in one of the drives, I was asked for the password, which I entered, and the disk activity light started blinking, but no file window opened as I expected. However, I did not get any error messages, either.

    When I opened a file window, I could see the volume listed as "Backup Alpha" (the disk's name) but when I tried to open it, I received the error:

    Unable to mount "Backup Alpha"

/dev/dm-0 is mounted

    When I try to unmount the drive, by right-clicking and selecting the "safely remove drive" option, I get the message:

    Unable to stop 500 GB Hard Drive

One or more block devices are holding /dev/sdb

    One problem I did have when initially trying to access the drive was that cryptsetup had not yet been installed on the computer, and so the first time I tried to enter a password and access the drive failed.

    I found a way to disable automount, but now I'm having problems manually mounting the drive:

    $ sudo mount /dev/sdb /media/backup -o uid=1000,gid=1000,utf8,dmask=027,fmask=137
mount: unknown filesystem type 'crypto_LUKS'

    I found some help at http://ubuntuforums.org/showthread.php?t=868681 and tried:

    $ mkdir /media/backup
$ modprobe dm-crypt
$ cryptsetup luksOpen /dev/sdb backup
$ vgchange -ay
$ mount /dev/("volume group name") /media/backup

    The problem is that vgchange doesn't output any volume groups, and I still can't mount /dev/sdb

    • user311982
      user311982 almost 8 years
      You mentioned your use of cryptsetup: When mounting volumes that are encrypted, you must first run sudo cryptsetup luksOpen /dev/sdb backupand then run sudo mount /dev/mapper/backup /media/backup. If you don't have a /media/backup folder, then you must create one by running sudo mkdir /media/backup before mounting /dev/mapper/backup.
  • HorusKol
    HorusKol about 12 years
    where is this option?
  • HorusKol
    HorusKol about 12 years
    turned it up at help.ubuntu.com/community/Mount/USB#Configuring_Automounting - was confused because the documentation refers to gnome, not unity
  • swift
    swift about 12 years
    hm ... No. This help refers to Ubuntu Help, not GNOME. I have other helpful link for your Oneiric: webupd8.org/2011/04/how-to-remove-mounted-drives-from.html
  • swift
    swift about 12 years
    sorry, Natty Narwhal :) Post updated. Hope it help you to figure out your the best solution.
  • HorusKol
    HorusKol about 12 years
    i meant my link... but I have been able to disable automounting - my problem now is the unknown format...
  • swift
    swift about 12 years
    "mount -o" options set depends on specific filesystem. "vgchange" works for active volume only. linux.die.net/man/8/mount
  • swift
    swift about 12 years
    I mean ... you are sure that this option set suitable for EXT4 ?
  • swift
    swift about 12 years
    try "cryptsetup status <mapping name>" From linux.die.net/man/8/cryptsetup: " LUKS checks for a valid password or key when an encrypted partition is unlocked. Thus the luksOpen action fails with invalid password or key, contrary to the plain dm-crypt create action. Please also be sure that you are using the same keyboard and language setting as during device format."

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Auto mount usb drive from udev rules and shell script
Formatting Pen Drive causes 'Daemon Is Inhibited' Error
Keyboard layout on Macbook Pro doesn't fit the symbols on the keys
How can I tell if my hard drive is encrypted?
encfs won't decrypt my encrypted folder - password incorrect
Cannot mount USB disks due to "not authorized" error
Auto-mounting network shares per user
External hard drive won't mount
cryptsetup: waiting for encrypted source device /swapfile
Unit -.mount mount does not exist, proceeding anyway