Pogoplug as backup server with LVM and encryption [resolved]


Post by Nyko » Thu Oct 06, 2011 10:10 am

Hi,

On my Pogoplug Pro I installed Arch Linux without any problems. I would like the Pogoplug to act as a backup server on another site than the files I am backing up. So I bought two external hard drives and created one big disk using LVM.

Now I would like to encrypt the external disks. I looked at TrueCrypt and eCryptfs but both are quite a hassle to get working in Arch Linux (Pogoplug version) in my opinion. Anyone got encryption working?

I would also like to be able to rsync/ssh to the Pogoplug, mount the encrypted disk, do the backup and unmount.

Any ideas?

Thanx

Nyko
Last edited by Nyko on Wed Nov 02, 2011 1:54 pm, edited 2 times in total.
Nyko
 
Posts: 4
Joined: Thu Oct 06, 2011 9:57 am

Re: Pogoplug as backup server, with LVM and encryption

Post by Geoff » Thu Oct 06, 2011 8:41 pm

Nyko wrote:
> Now I would like to encrypt the external disks. I looked at TrueCrypt and eCryptfs but both are quite a hassle to get working in Arch Linux (Pogoplug version) in my opinion. Anyone got encryption working?

I have cryptsetup installed, but I can't use it yet because the device-mapper kernel module "dm_mod" does not exist. It's one of those things that I hope will come with an updated kernel (keeping my fingers crossed).
Geoff
 
Posts: 231
Joined: Wed Mar 09, 2011 5:14 pm

Re: Pogoplug as backup server, with LVM and encryption

Post by Nyko » Thu Oct 06, 2011 9:35 pm

I can do a # modprobe dm_mod

But when I try the following, I get a lot of errors.

[root@alarm ~]# cryptsetup -c aes-xts-plain -y -s 512 luksFormat /dev/sdd1

WARNING!
========
This will overwrite data on /dev/sdd1 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
device-mapper: reload ioctl failed: Invalid argument
Failed to setup dm-crypt key mapping for device /dev/sdd1.
Check that kernel supports aes-xts-plain cipher (check syslog for more info).
Nyko
 
Posts: 4
Joined: Thu Oct 06, 2011 9:57 am

Re: Pogoplug as backup server, with LVM and encryption

Post by Geoff » Fri Oct 07, 2011 12:28 am

Nyko wrote:
> I can do a # modprobe dm_mod

Thanks for the tip. I did that, and I added dm_mod to MODULES in /etc/rc.conf. Then I tried opening an encrypted USB stick that I had previously formatted successfully on my laptop using the same parameters as you used (-c aes-xts-plain -s 512). Result: I got pretty much the same error message as you did.

device-mapper: reload ioctl failed: Invalid argument
Failed to setup dm-crypt key mapping for device /dev/sdc2.
Check that kernel supports aes-xts-plain cipher (check syslog for more info).
Failed to read from key storage.
Geoff
 
Posts: 231
Joined: Wed Mar 09, 2011 5:14 pm

Re: Pogoplug as backup server, with LVM and encryption

Post by Nyko » Fri Oct 07, 2011 2:27 pm

The command:

cryptsetup -c aes-xts-plain -y -s 512 luksFormat /dev/sdd1

is used to create a crypted partition.

I also tried to do it with TrueCrypt. I was able to create the crypted partition, but when I try to mount it, I get the same errors.

Error: device-mapper: reload ioctl failed: Invalid argument
Command failed
Nyko
 
Posts: 4
Joined: Thu Oct 06, 2011 9:57 am

Re: Pogoplug as backup server, with LVM and encryption

Post by Nyko » Wed Nov 02, 2011 10:19 am

It works now. This is what I did:

1. Create partition using fdisk
2. Encrypt partition:
    cryptsetup luksFormat /dev/[your device] -c aes -s 256 -h sha256
3. Create keyfile (or use passphrase):
    dd if=/dev/urandom of=externals.key bs=512 count=4
4. Create a LUKS encrypted partition with the created keyfile (remove externals.key when using a passphrase):
    cryptsetup luksFormat /dev/sdb1 -c aes -s 256 -h sha256 externals.key
5. Load required kernel modules:
    modprobe dm-crypt
6. Open the encrypted partition for use:
    cryptsetup luksOpen /dev/[your device] externals --key-file externals.key
   Now you created the device under /dev/mapper/name
7. Create a filesystem on the encrypted disk:
    mkfs.ext2 /dev/mapper/name
8. Mount the encrypted disk:
    mount /dev/mapper/name /mnt/name

I also used pam_mount to mount the encrypted partition at login and unmount it at logout:
https://wiki.archlinux.org/index.php/Pam_mount
Nyko
 
Posts: 4
Joined: Thu Oct 06, 2011 9:57 am
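
The cryptsetup error earlier in the thread asks whether the kernel supports the requested cipher. As an added example (not part of the original posts), this shell script lists the kernel config options a cryptsetup cipher spec needs and reports the ones a given kernel config lacks. The function names and the sample config are constructed for illustration and are not the Pogoplug's real config.

```shell
#!/bin/sh
# Added example: pre-flight check before luksFormat. Given a cryptsetup
# cipher spec (cipher-mode-iv) and kernel config text, report the generic
# kernel options that are neither built in (=y) nor built as a module (=m).

# Constructed sample: a kernel config with dm-crypt, AES and CBC but no XTS.
SAMPLE_CONFIG='CONFIG_BLK_DEV_DM=m
CONFIG_DM_CRYPT=m
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_CBC=y
# CONFIG_CRYPTO_XTS is not set
CONFIG_CRYPTO_SHA256=m'

# required_options SPEC: print one CONFIG_ option name per line.
required_options() {
    spec=$1
    cipher=${spec%%-*}                  # "aes" from "aes-xts-plain"
    case $spec in
        *-*) rest=${spec#*-}; mode=${rest%%-*} ;;   # "xts"
        *)   mode=cbc ;;   # a bare cipher name is treated as cbc-plain
    esac
    echo CONFIG_BLK_DEV_DM              # device-mapper core
    echo CONFIG_DM_CRYPT                # dm-crypt target
    echo "CONFIG_CRYPTO_$(echo "$cipher" | tr a-z A-Z)"
    echo "CONFIG_CRYPTO_$(echo "$mode" | tr a-z A-Z)"
}

# missing_options SPEC CONFIG_TEXT: print the required options not enabled.
missing_options() {
    for opt in $(required_options "$1"); do
        printf '%s\n' "$2" | grep -Eq "^${opt}=[ym]\$" || echo "$opt"
    done
}

# With the constructed config, the XTS spec is rejected and plain aes passes.
missing_options aes-xts-plain "$SAMPLE_CONFIG"   # prints CONFIG_CRYPTO_XTS
missing_options aes "$SAMPLE_CONFIG"             # prints nothing
```

On a running system the config text can be taken from `zcat /proc/config.gz`, which exists only when the kernel was built with CONFIG_IKCONFIG_PROC.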

Re: Pogoplug as backup server with LVM and encryption [resol

Post by Geoff » Thu Nov 03, 2011 1:17 am

Good work, Nyko! I think I might wait until we have a kernel module for aes-xts-plain, because I have drives already encrypted using that. Meanwhile, I would be very interested to see a comparison of read and write speeds with and without encryption, preferably for a hard drive (USB and/or SATA). The PLX7820 chip has a special-purpose hardware module for AES encryption that I hope is utilized, so that encryption might be possible with little or no compromise in read/write speed or additional cpu load.
Geoff
 
Posts: 231
Joined: Wed Mar 09, 2011 5:14 pm

