I am trying to configure a host remotely using a script, but it fails when executing cryptsetup luksOpen.
Here is my function:
ssh-keygen -y -f $pk > authorized_keys
scp -P $port authorized_keys vagrant@localhost:~/.ssh/
vagrant ssh -c "chmod 600 ~/.ssh/authorized_keys"
rm authorized_keys
#
So my log is correct for luksFormat, but it fails with luksOpen
# used to encrypt the volume
# $1 the ssh connect
# $2 the partition
# $3 the password
# $4 the LUKSName
encrypt(){
ssh $1 << EOF
sudo -s
# convert the partition to the LUKS format
echo "About to init luks on partition: cryptsetup luksFormat $2 with [YES, $3, $3]"
(
echo YES
echo $3
echo $3
) | cryptsetup -v luksFormat $2
sleep 3
echo "About to mount and format: cryptsetup luksOpen $2 $4 with [$3]"
(
echo $3
) | cryptsetup -v luksOpen $2 $4
# Create an EXT4 file system on the LUKS logical volume
mkfs.ext4 /dev/mapper/$4
# optional create the luks.key
echo $3 > /root/luks.key
echo "About to create the luksKey: cryptsetup luksAddKey $2 /root/luks.key with [$3]"
(
echo $3
) | cryptsetup luksAddKey $2 /root/luks.key
# enter the new volume in /etc/fstab
echo "/dev/mapper/$4 /$4 ext4 defaults 1 2" >> /etc/fstab
# create the mount point
mkdir /$4
#mount the luks volume
mount /$4
EOF
}
When I do it manually, it works.
Here is the debug trace:
About to init luks on partition: cryptsetup luksFormat /dev/sdb1 with [YES, pwd, pwd]
Command successful.
About to mount and format: cryptsetup luksOpen /dev/sdb1 mongo_data with [pwd]
No key available with this passphrase.
Command failed with code 1: No key available with this passphrase.
It seems the input is not being read, meaning it does not get my password...
Do you have any idea?
Regards
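Answer 0: (score: 1)
The password of the encrypted container is YES
... When standard input is not a terminal, cryptsetup luksFormat
does not perform the dialog; it just reads one line and uses it as the password.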
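
The behaviour described in the answer, as an added example that is not part of the original question or answer: it models which line of the piped input becomes the passphrase, then formats and opens the volume by sending the passphrase once. The function names and the CRYPTSETUP override variable are assumptions made for this sketch; the functions are meant to run as root on the target host.

```shell
#!/bin/sh
# Added example; function names and the CRYPTSETUP override are hypothetical.
# CRYPTSETUP may point at a stub so the flow can be dry-run without a disk.
: "${CRYPTSETUP:=cryptsetup}"

# Model of the behaviour described in the answer: with stdin not a terminal,
# only the first line of input is taken as the passphrase.
passphrase_seen() { head -n 1; }

# What the question's script sends to luksFormat.
original_feed() { echo YES; echo "$1"; echo "$1"; }

# What should be sent instead: the passphrase, once.
fixed_feed() { printf '%s\n' "$1"; }

# $1 device, $2 passphrase. -q (--batch-mode) makes the absence of the
# confirmation question explicit, so no "YES" line goes on stdin.
luks_format() {
    fixed_feed "$2" | "$CRYPTSETUP" -q -v luksFormat "$1"
}

# $1 device, $2 passphrase, $3 mapper name.
luks_open() {
    fixed_feed "$2" | "$CRYPTSETUP" -v luksOpen "$1" "$3"
}

# Format, then open with the same passphrase; stop at the first failure.
luks_setup() {
    luks_format "$1" "$2" || return 1
    luks_open "$1" "$2" "$3" || return 1
}
```

With the question's input, `original_feed pwd | passphrase_seen` yields `YES`, which is why the later luksOpen with `pwd` finds no matching key.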