# Automount as user a DM-Crypt / Luks encrypted usb HD

## orange_juice

Hallo,

I have followed the following wiki ( http://en.gentoo-wiki.com/wiki/DM-Crypt_with_LUKS#Creating_the_mapping.28s.29 ) to have my usb hard disk encrypted.

I access it using a pass phrase.

However, every time I wish to mount it, work and unmount it, I have to follow this procedure:

```
su

cryptsetup luksOpen /dev/sde1 dodeca

ntfs-3g /dev/mapper/dodeca /home/sda

Work

umount /home/sda

cryptsetup luksClose /dev/mapper/dodeca
```

Could I possibly just click on the icon of the usb HD that appears in my task manager, enter the pass phrase and have everything done automatically?

I am already being asked for a pass phrase when I click on the icon, but nothing else. The directory that opens, after that, is my home directory.

I would appreciate your help.

Kind regards,

orange_juice

----------

## DawgG

you can write an udev-rule for the two commands that should be run automatically (and don't forget /etc/fstab) or you could try pam_mount which should be able to do this automatically, too.

unmounting and luksClose will have to be done manually, or maybe on user-logout with pam_mount.

GOOD LUCK!

----------

## orange_juice

Hm, thanx for the answer!

The most convenient part of the issue would be to automount the disk at the /media/<name of the disk> folder. Since I will have to login as root in order to unmount it and close luks, then it is no problem to do it from the beginning and avoid the trouble of trying to find my way around udev.

Apparently, my story is a "not so simple" one and googling it, no much of information has been revealed. 

This WD usb disk, comes with a software that encrypts the data and asks for a password in a Window$ environment without adding too much frustration on the user who just plugs in the disk and manipulates the data. 

What do people using other OSs do to protect their data against a case of simply losing the hard disk, I am not talking about extreme scenarios! I just do not want to reveal some excel files of my work (about 250) and some other files and directories  ... to someone who accidentally bumped on my usb disk. 

 :Question: 

Kind regards,

orange_juice

----------

## toralf

Hhm,

under KDE-4.4.5 the device manager pops up an window as soon as I plug in an USB drive with an encrypted partition, letting me click on the appropriate action, eg. to mount it (which brings up a password query window) or to unmount it.

----------

## orange_juice

Indeed, I have kde 4.4.5 as a desktop environment.

However, when I type the password, I receive a message that the partition cannot be mounted.

Or, (when I entered the partition in /etc/conf.d/dmcrypt), it opened my home directory when I enetred the password.

In your box, does it mount it correctly? If yes, did you follow the same tutorial to encrypt your partition?

Kind regards,

orange_juice

----------

## toralf

Well, no problems so far here, I used parts of http://en.gentoo-wiki.com/wiki/Booting_encrypted_system_from_USB_stick#Setting_up_LUKS

I'm using a mostly stable Gentoo at a x86 and current kernel 2.6.37

----------

## orange_juice

Oh, thanx!

Actually, the difference seems only to be the crypt cipher. I will give it a try when I finish the preparation of the disk, and I will format the drive in a linux filesystem such as ext3 instead of ntfs.

Are you using LVM too?

kind regards,

orange_juice

----------

## toralf

 *orange_juice wrote:*   

> Are you using LVM too?

 No, I use a straight ext2 partition

(no ext3 b/c I use that drive as a backup solution, therefore there's no journaling necessary IMO.

----------

## orange_juice

OK ... 

The commands I typed after creating partition sde1 on /dev/sde are the following:

```
cryptsetup -y --cipher serpent-cbc-essiv:sha256 --key-size 256 luksFormat /dev/sde1

cryptsetup luksOpen /dev/sde1 luks

mke2fs /dev/mapper/luks

cryptsetup luksClose /dev/mapper/luks
```

When I unplugged the drive and plugged it again, an icon appeared on my taskbar that showed the usb drive with an open lock. Clicking on the lock, I was asked for the password, I typed it and I received 2 instances of the drive:

1) One showing the usb drive connected and ready to be used.

2) One showing the usb drive with a closed lock.

Clicking on ( 1 ), it opens my home directory.

Clicking on ( 2 ), it unmounts the drive.

The logs during this procedure showed these messages:

http://pastebin.com/mjWjTbcm

Dont now!   :Rolling Eyes: 

Kind regards,

orange_juice

----------

## toralf

You will see of course 2 icons - one shows you the encrypted partition as seen by the kernel, the 2nd shows you the content - meaning the decrypted partition as seen by the mapper - so this is expected.

----------

## orange_juice

OK, no problem as far as the 2 icons are concerned.

There is an issue, however, that I cannot spot.

I have focused on the log files that are closely connected to the event of trying to mount hte specified partition.

The lines that initiate when I enter the password are the following:

http://pastebin.com/iWZ4QVLy

When I am asked for the actions I wish to take with the usb drive and I chose "open with filemanager" I receive on the logs: (special device /dev/dm-1 does not exist)

```

Feb  7 14:59:02 daedalus fcron[9756]: Job rm -f /var/spool/cron/lastrun/cron.hourly completed

Feb  7 14:59:02 daedalus fcron[9756]: pam_unix(fcron:session): session closed for user root

Feb  7 14:59:57 daedalus hald[5079]: 14:59:57.004 [I] hald_dbus.c:5198: OK for method 'Mount' with signature 'ssas' on interface 'org.freedesktop.Hal.Device.Volume' for UDI '/org/freedesktop/Hal/devices/volume_uuid_13e215f7_e414_4470_906c_7f3c160199f7' and execpath 'hal-storage-mount'

Feb  7 14:59:57 daedalus hald[5079]: 14:59:57.005 [I] hald_dbus.c:4082: no need to enqueue

Feb  7 14:59:57 daedalus hald[5079]: 14:59:57.032 [I] device.c:1894: Removing locks from ':1.66'

Feb  7 14:59:57 daedalus hald[5079]: 14:59:57.032 [I] hald_dbus.c:4106: No more methods in queue

Feb  7 14:59:57 daedalus hald[5079]: 14:59:57.032 [I] hald_dbus.c:4169: failed with 'org.freedesktop.Hal.Device.Volume.UnknownFailure' 'mount: special device /dev/dm-1 does not exist '

Feb  7 14:59:57 daedalus hald[5079]: 14:59:57.032 [D] hotplug.c:500: events queued = 0, events in progress = 0

Feb  7 14:59:57 daedalus hald[5079]: 14:59:57.032 [D] hotplug.c:505: Hotplug-queue empty now ... no hotplug events in progress

Feb  7 15:00:00 daedalus fcron[10241]: pam_unix(fcron:session): session opened for user root by (uid=0)

Feb  7 15:00:00 daedalus fcron[10241]: Job /usr/bin/test -x /usr/sbin/run-crons && /usr/sbin/run-crons started for user root (pid 10242)
```

How could I turn this over?

Kind regards,

orange_juice

----------

## orange_juice

OK... googling it a bit, I found this post which closely relates to what experience.

https://bugs.launchpad.net/ubuntu/+source/gnome-mount/+bug/296750

The best solution that is suggested, is to manually mount the device ... OK!

Kind regards

orange_juice

----------

