From owner-freebsd-questions@FreeBSD.ORG Wed Nov 7 13:25:48 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 470AD16A474 for ; Wed, 7 Nov 2007 13:25:48 +0000 (UTC) (envelope-from josh@tcbug.org) Received: from cenn-smtp.mc.mpls.visi.com (cenn.mc.mpls.visi.com [208.42.156.9]) by mx1.freebsd.org (Postfix) with ESMTP id 1CF9213C4D5 for ; Wed, 7 Nov 2007 13:25:47 +0000 (UTC) (envelope-from josh@tcbug.org) Received: from mail.tcbug.org (mail.tcbug.org [208.42.70.163]) by cenn-smtp.mc.mpls.visi.com (Postfix) with ESMTP id 146A28321; Wed, 7 Nov 2007 07:25:42 -0600 (CST) Received: from build64.tcbug.org (unknown [208.42.70.167]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.tcbug.org (Postfix) with ESMTP id 6AE4110AA864; Wed, 7 Nov 2007 07:25:36 -0600 (CST) From: Josh Paetzel To: freebsd-questions@freebsd.org Date: Wed, 7 Nov 2007 07:25:35 -0600 User-Agent: KMail/1.9.7 References: <20071107131345.GA10158@server.idefix.lan> In-Reply-To: <20071107131345.GA10158@server.idefix.lan> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart12349197.v6KEr7eyvv"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200711070725.40416.josh@tcbug.org> Cc: Matthias Fechner Subject: Re: Autoattach geli device but not at startup X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Nov 2007 13:25:48 -0000 --nextPart12349197.v6KEr7eyvv Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Wednesday 07 November 2007 07:13:45 am Matthias Fechner wrote: > Hi, > > I have here a setup where some backup directories are mounted > encrypted (using geli). > rc.conf: > geli_devices=3D"ad3" > geli_ad3_flags=3D"-k /root/backup1.key" > ... > > But if the system must be rebooted it asks for the password before a > network connection is available. > The computer has no keyboard via default so it is really a pain to get > the system up again. > > Is their a possibility to do something like that after the reboot: > mount /mnt/backup1 > and mount starts geli and geli will ask for the passphrase? > > Thanks, > Matthias This is one of those cases where I would alter the base system a bit. I'd= =20 fiddle with the #REQUIRE in /etc/rc.d/geli to get it to start after sshd,=20 perhaps change it from initrandom to sshd. You can check to make sure the= =20 changes are sane by running rcorder manually. If you go this route the console will still prompt for the passphrase, but= =20 you'll be able to ssh in and run /etc/rc.d/geli start manually, which after= =20 it ran, would automagically run everything after it in rcorder =2D-=20 Thanks, Josh Paetzel PGP: 8A48 EF36 5E9F 4EDA 5A8C 11B4 26F9 01F1 27AF AECB --nextPart12349197.v6KEr7eyvv Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQBHMbzUJvkB8SevrssRAl5RAJ41KiF9fo2myUg91D1RgB3PnDDtmQCfeMoH SGyMbgygsw2ILosMGqnLBiY= =KI4A -----END PGP SIGNATURE----- --nextPart12349197.v6KEr7eyvv--