Date: Wed, 7 Nov 2007 18:34:02 +0000
From: RW
To: freebsd-questions@freebsd.org
Subject: Re: Autoattach geli device but not at startup
Message-ID: <20071107183402.271e98d1@gumby.homeunix.com.>
In-Reply-To: <200711070725.40416.josh@tcbug.org>
References: <20071107131345.GA10158@server.idefix.lan> <200711070725.40416.josh@tcbug.org>

On Wed, 7 Nov 2007 07:25:35 -0600
Josh Paetzel wrote:

> On Wednesday 07 November 2007 07:13:45 am Matthias Fechner wrote:
> > Hi,
> >
> > I have here a setup where some backup directories are mounted
> > encrypted (using geli).
> > rc.conf:
> > geli_devices="ad3"
> > geli_ad3_flags="-k /root/backup1.key"
> > ...
> >
> > But if the system must be rebooted it asks for the password before a
> > network connection is available.
> > The computer has no keyboard by default so it is really a pain to
> > get the system up again.
> >
> > Is there a possibility to do something like that after the reboot:
> > mount /mnt/backup1
> > and mount starts geli and geli will ask for the passphrase?
> >
> > Thanks,
> > Matthias
>
> This is one of those cases where I would alter the base system a
> bit. I'd fiddle with the #REQUIRE in /etc/rc.d/geli to get it to
> start after sshd, perhaps change it from initrandom to sshd. You can
> check to make sure the changes are sane by running rcorder manually.

I suspect they won't be and that you will run into problems with fsck
and mount not being able to find the .eli partitions.

> If you go this route the console will still prompt for the
> passphrase, but you'll be able to ssh in and run /etc/rc.d/geli start
> manually, which after it ran, would automagically run everything
> after it in rcorder

Wouldn't you have to kill the original /etc/rc.d/geli process?

I think it would just be easier to write a script to handle the attach,
fsck, and mount.
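
A sketch of the kind of attach, fsck and mount script suggested at the end of the message above. It is an added example, not part of the original thread: it reuses ad3, /root/backup1.key and /mnt/backup1 from the quoted rc.conf, and assumes a UFS filesystem and that ad3 has been taken out of geli_devices so nothing prompts at boot. The run helper and DRY_RUN variable are names introduced here.

```shell
#!/bin/sh
# Added example: attach, fsck and mount a geli provider by hand after
# boot, from an ssh session. Values from the thread: ad3,
# /root/backup1.key, /mnt/backup1.
# Assumptions: UFS filesystem; ad3 is not listed in geli_devices.

# With DRY_RUN set, print each command instead of executing it.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# attach_and_mount <provider> <keyfile> <mountpoint>
attach_and_mount() {
    prov=$1 keyfile=$2 mnt=$3
    eli="/dev/${prov}.eli"

    # Skip the attach if the decrypted provider already exists.
    if [ ! -e "$eli" ]; then
        # geli asks for the passphrase on the controlling terminal,
        # which here is the ssh session rather than the console.
        run geli attach -k "$keyfile" "$prov" || return 1
    fi

    # Preen the filesystem, then mount it. If either step fails,
    # detach again so the decrypted device is not left available.
    if ! run fsck -t ufs -p "$eli" || ! run mount -t ufs "$eli" "$mnt"; then
        run geli detach "${prov}.eli" || true
        return 1
    fi
}

# Only act when called with three arguments, e.g.:
#   sh geli-backup.sh ad3 /root/backup1.key /mnt/backup1
if [ $# -eq 3 ]; then
    attach_and_mount "$@"
fi
```

Running it with DRY_RUN=1 set prints the three commands without touching the disk, which is a cheap way to check the arguments before the first real use.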