# Automounting Truecrypt volume

## Nicias

Ok, I know this is somewhat nonsense, but here is my situation. I have a truecrypt external harddrive. Right now it is moved from machine to machine when data needs to be accessed. This is inconvenient. I will be setting up a git/nfs server and want to leave the external drive plugged into the server, and always mounted. 

I would like this server to be always on, and come on after reboot. That means that it must auto mount the external drive with no interaction. As I see it, there is no good way to do this. If I put the key on a usb drive or somesuch, I might as well leave it on the server, and then I might as well leave the harddrive unencrypted.  So, the server needs to get some information from its environment to decrypt the harddrive. So here was my thought:

Leave the harddrive as it is, with a strong passphrase. 

store the passphrase, encrypted with a second passphrase on the server.

 that second passphrase is not stored anywhere, but rather can be dynamically created on the fly, as long as the computer is wired into the local network.

For example, right now running the following command on my laptop will show I am on my current network.

```

# arp | grep wlan0 | sed "s: ::g"

192.168.1.1ether95:1d:f3:29:12:23Cwlan0

```

So  I would encrypt my already-in-use passphrase with this new one, store it on the server, and then do something like this:

```

# truecrypt -t --password=`gpg2 --batch --passphrase \`arp | grep wlan0 | sed "s: ::g" \` -q --no-mdc-warning -d passphrase.gpg` --mount volume.tc /mnt/shared --non-interactive 

```

I know this isn't perfect, but I don't think in this case I can actually have my cake and eat it too. However, I would like some advice on how to improve the "dynamic passphrase" generation. The arp example is flawed in that someone could recreate the output of the arp/grep/sed combo by looking through the logs.  It looks like the network is the only thing that I can use for this, is there some piece of information I could use that won't be logged? I will be on a wired network, but there is also a wireless network available (in that I have a card I could use it to pull information like ssid, etc.)

----------

## Hu

How often does this server get rebooted?  You might be better served arranging that it not get cycled often and then just live with manually mounting the external drive in the rare case that the server was rebooted.

----------

