UNIX ON-LINE Man Pages - Die Onlinehilfe

Die Syntax von Unixbefehlen wird in den entsprechenden Manpages dokumentiert. Hier können Sie diese Onlinehilfe für viele Standardbefehle abrufen.

Seiten auflisten, welche beginnen mit:
A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z   ALPHA   NUM   ANDERE   ALLE
CRYPTTAB(5)                    Cryptsetup Manual                   CRYPTTAB(5)

       crypttab - static information about crypted filesystems



       The file /etc/crypttab contains descriptive informations about
       encrypted volumes. Each volume is described on a separate line; columns
       on each line are separated by tabs or spaces. Lines starting with "#"
       are comments, empty lines are ignored. The order of records in crypttab
       is important because the /etc/init.d/boot.crypto script sequentially
       iterates through crypttab entries. All four columns are mandatory,
       missing or excessive columns will lead to unspecified behaviour.

       o   The first column, NAME specifies the mapped device name. It must be
           a plain filename without any directories. A mapped device
           /dev/mapper/NAME will be created by cryptsetup(8) crypting data
           from and onto the DEVICE.

           To actually mount that device it needs to be listed in /etc/fstab.

       o   The second column DEVICE specifies the block special device that
           should hold the encrypted data.

       o   The third column KEY specifies a file containing the raw binary key
           to use for decrypting the encrypted data of DEVICE. The key file
           can also be a device name (e.g.  /dev/urandom, which is useful for
           encrypted swap devices).

           If KEY is the string none, the key data (i.e. a password or
           passphrase) will be read interactively from the console. In this
           case the options precheck, check, checkargs and tries may be

           Warning: luks does not support infinite streams (like
           /dev/urandom), it requires a fixed size key. Typically one uses
           none for luks.

       o   The fourth field OPTIONS specifies the cryptsetup options
           associated with the encryption process. At minimum, the field
           should contain the string luks or the cipher, hash and size

           Options have to be specified in the format: key=value[,key=value

           Encryption algorithm. See cryptsetup -c.

           Encryption key size. See cryptsetup -s.

           Hash algorithm. See cryptsetup -h.

           Verify password. See cryptsetup -y.

           The backing device is read-only (eg: a dvd).

           Use device with luks extensions.

           Run mkswap on the created device.

           Run mkfs on the created device. The file system to use is specified
           in /etc/fstab. If /etc/fstab does not list the mapped device, ext2
           is used as fallback.

           Check the content of the mapped device by a suitable program; if
           the check fails the device is removed. The specified program is run
           giving the decrypted volume (/dev/mapper/NAME) as first and the
           value of the checkargs option as second argument. Cryptdisks
           searches for the given program in /lib/cryptsetup/checks/. If no
           program is specified, vol_id is used.

           Pass <argument> as second argument to the check script

           Check the source device by suitable program; if the check fails the
           device is not created; <precheck> is a script to check the source
           device. The source device is given as argument to the script. See
           also the check option.

           Prompt for the passphrase at most <num> times if the entered
           passphrase was wrong. Defaults is 3. Setting to 0 enabled infinite

           Time out interactive password prompts after <sec> seconds.

           Always attach a loop device before mapping the device. Normally a
           loop device is used automatically only for image files. Useful if
           the block size of the physical device does not match the block size
           of the contained file system. E.g. ext2 on a CD.

           Causes boot.crypto to skip this record during boot. To activate
           this volume later use: /etc/init.d/boot.crypto start <name>

           boot.crypto is invoked two times. The first time as
           boot.crypto-early before LVM and MD setup and the second time as
           boot.crypto after mounting local filesystems. This option skips the
           setup of the device in the first invocation. It might be needed for
           crypto file container existing on local filesystems other then

           tells mkinitrd to activate this device in the initrd already. Only
           LUKS and no other options are supported. The root partition is
           detected automatically by mkinitrd and doesn't need this option

           Set a string that is appended to the passphrase after hashing.
           Using different seeds for volumes with the same passphrase makes
           dictionary attacks harder. Use for compatability with loop-AES.

           Encrypts the hashed password <num> thousand times using AES-256.
           Use for compatability with loop-AES.

           Calls <path> and uses the output passphrase or key. If <path> is
           not absolute /lib/cryptsetup/scripts is prepended. The only
           argument passed to the specified program is the value of the key
           column. keyscript also works in the initrd if the specified program
           is self contained. To use the output as raw key specify hash=plain
           so cryptsetup doesn't hash it's input. Note that use of a keyscript
           is not supported by YaST so distribution updates could be
           problematic when used on mandatory partitions.

       loud, ssl, gpg
           not supported. Listed here as they are supported by Debian.

       check scripts are installed in /lib/cryptsetup/checks/ and are called
       either before (precheck option) or after (check option) the dm-crypt
       target is set up.


           Checks for any known filesystem. Supports a filesystem type as
           argument via <checkargs>:

       no checkargs
           succeeds if any valid filesystem is found on the device.

           succeeds if no valid filesystem is found on the device.

       "ext3", "xfs", "swap" etc
           succeeds if the given filesystem type is found on the device.

       There are three ways to unlock encrypted partitions during boot

       o   initrd: the root file system as well as any device listed in
           crypttab with option initrd are unlocked by the scripts in the
           initrd already.

       o   before mounting local file systems: the init script
           boot.crypto-early runs before the scripts that fsck and mount
           additional filesystems. This is the preferred way to unlock devices
           as the normal fsck and mount scripts can handle the device later in
           the boot process.

       o   after mounting local file systems: the boot.crypto init script is
           the traditional way of unlocking crypto devices. It runs after fsck
           and mount of local file systems.  boot.crypto should only be used
           for loop mounted images nowadays.

       fsck is run on unlocked, encrypted devices if the fs_passno value in
       fstab is non zero.

       Encrypted swap device
           cr_sda6 /dev/sda6 /dev/random swap

       Encrypted luks volume with interactive password
           cr_sda1 /dev/sda1 none luks

       Encrypted luks volume with interactive password, use a custom check
       script, no retries
           cr_sdc1 /dev/sdc1 none

       Encrypted volume with interactive password and a cryptoloop compatible
       twofish256 cipher
           cr_sda3 /dev/sda3 none

       cryptsetup(8), /etc/crypttab, fstab(8)

       Manual page converted to asciidoc by Michael Gebetsroither
       <michael.geb@gmx.at>. Originally written by Bastian Kleineidam
       <calvin@debian.org> for the Debian distribution of cryptsetup. Improved
       by Jonas Meurer <jonas@freesources.org>. Modified for SUSE Linux by
       Ludwig Nussel <ludwig.nussel@suse.de>. Parts of this manual were taken
       and adapted from the fstab(5) manual page.

cryptsetup                        02/02/2010                       CRYPTTAB(5)

Scannen Sie den Barcode um die Webseite zu öffnen

Quelle: http://www.trinler.net/de/service/doc/linux/man.html?command=crypttab
Gedruckt am: 11.12.2017 06:51 GMT+0100 (2017-12-11T06:51:02+01:00)