[systemd-devel] Cache passphrase for cryptsetup?
Matthew Monaco
matt at monaco.cx
Sun Apr 20 11:45:48 PDT 2014
On 04/19/2014 02:49 PM, Nikolaus Rath wrote:
> Hello,
>
> I have several LUKS encrypted volumes that use the same
> passphrase. Before switching to systemd, I have used the decrypt_keyctl
> keyscript to cache the passphrase, so that I have to enter it only once.
>
> As far as I can tell, the systemd cryptsetup generator is ignoring the
> keyscript option in /etc/crypttab when creating units.
>
> Is there another way to achieve passphrase caching with systemd?
>
>
> Thanks,
> -Nikolaus
>
No, 'keyscript' is not (currently) supported. IMHO, you're not reducing your
security any by e.g. unlocking /root and storing keys for the other volumes
there. If you did this, you might want to use a separate keyslot for the task
with a longer key that you don't/can't remember, just for kicks.
However, you could probably cook up some units that take your password, write it
to /run and then point all of your volumes there.
And of course, the third option would be to submit a patch. The src/cryptsetup
stuff is pretty straightforward.
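
An added example, not part of the original post and not systemd code: a small audit of an /etc/crypttab laid out as the reply suggests (one prompted volume holding key files for the others). It flags entries that still carry keyscript= and key files readable by anyone but the owner. The sample crypttab, UUIDs, key file paths and function names are constructed for illustration.

```python
import os
import stat

# Constructed sample: root is prompted for, the others use key files stored on it.
SAMPLE_CRYPTTAB = """\
# name   device                  keyfile              options
root     UUID=1111-constructed   none                 luks
home     UUID=2222-constructed   /root/keys/home.key  luks
backup   UUID=3333-constructed   /root/keys/bak.key   luks,keyscript=decrypt_keyctl
"""

def file_mode(path):
    """Permission bits of path, or None if it cannot be stat'ed."""
    try:
        return stat.S_IMODE(os.stat(path).st_mode)
    except OSError:
        return None

def audit_crypttab(text, mode_of=file_mode):
    """Return (volume, finding) tuples for crypttab content given as a string."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed entry: needs at least name and device
        name = fields[0]
        keyfile = fields[2] if len(fields) > 2 else "none"
        options = fields[3].split(",") if len(fields) > 3 else []
        if any(opt.split("=", 1)[0] == "keyscript" for opt in options):
            findings.append((name, "keyscript set; not supported by systemd per the reply above"))
        if keyfile in ("none", "-"):
            findings.append((name, "passphrase prompted at boot"))
            continue
        if keyfile.startswith("/dev/"):
            continue  # device nodes such as /dev/urandom are not stored keys
        mode = mode_of(keyfile)
        if mode is None:
            findings.append((name, "key file missing: " + keyfile))
        elif mode & 0o077:
            findings.append((name, "key file readable beyond owner: %s (%04o)" % (keyfile, mode)))
    return findings

if __name__ == "__main__":
    for volume, finding in audit_crypttab(SAMPLE_CRYPTTAB):
        print(volume + ": " + finding)
```
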