Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 7 Nov 2007 18:34:02 +0000
From:      RW <fbsd06@mlists.homeunix.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Autoattach geli device but not at startup
Message-ID:  <20071107183402.271e98d1@gumby.homeunix.com.>
In-Reply-To: <200711070725.40416.josh@tcbug.org>
References:  <20071107131345.GA10158@server.idefix.lan> <200711070725.40416.josh@tcbug.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, 7 Nov 2007 07:25:35 -0600
Josh Paetzel <josh@tcbug.org> wrote:

> On Wednesday 07 November 2007 07:13:45 am Matthias Fechner wrote:
> > Hi,
> >
> > I have here a setup where some backup directories are mounted
> > encrypted (using geli).
> > rc.conf:
> > geli_devices="ad3"
> > geli_ad3_flags="-k /root/backup1.key"
> > ...
> >
> > But if the system must be rebooted it asks for the password before a
> > network connection is available.
> > The computer has no keyboard via default so it is really a pain to
> > get the system up again.
> >
> > Is their a possibility to do something like that after the reboot:
> > mount /mnt/backup1
> > and mount starts geli and geli will ask for the passphrase?
> >
> > Thanks,
> > Matthias
> 
> This is one of those cases where I would alter the base system a
> bit.  I'd fiddle with the #REQUIRE in /etc/rc.d/geli to get it to
> start after sshd, perhaps change it from initrandom to sshd.  You can
> check to make sure the changes are sane by running rcorder manually.

I suspect they won't be and that you will run into problems with
fsck and mount not being able to find the .eli partitions. 

> If you go this route the console will still prompt for the
> passphrase, but you'll be able to ssh in and run /etc/rc.d/geli start
> manually, which after it ran, would automagically run everything
> after it in rcorder

Wouldn't you have to kill the original /etc/rc.d/gel process?


I think it would just be easier to write a script to handle the
attach, fsck, and mount.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071107183402.271e98d1>