FreeBSD
- 使用系统自带的geli命令对/home/test加密
- 要将/mnt挂载点独立一个分区出来,以免手动调整分区
- 如果是aws,则把数据盘EBS挂载到/home/test
首次创建加密盘
- aws的话先创建分区,记得先umount原来分区
-
AWS:用gpart创建分区
1
2
3
4# gpart create -s gpt xbd1
xbd1 created
# gpart add -t freebsd-ufs xbd1
xbd1p1 added -
安装: 先将原本的/mnt umount
1
2
3
4
5# df -ah
/dev/mfid0p7 9.7G 164k 8.9G 0% /home
/dev/mfid0p8 518G 52k 477G 0% /mnt
# umount /mnt
-
创建口令
1
2
3#geli init -s 4096 /dev/mfid0p8
Enter new passphrase:
Reenter new passphrase: -
将口令与分区关联
1
2#geli attach /dev/mfid0p8
Enter passphrase:完成后,将生成/dev/mfid0p8.eli设备
-
创建新文件系统并挂载
1
2#newfs -b 16384 -U /dev/mfid0p8.eli
#mkdir /home/test && mount /dev/mfid0p8.eli /home/test
重启系统后恢复加密盘
-
将口令与分区关联
1
2#geli attach /dev/mfid0p8
Enter passphrase:完成后,将生成/dev/mfid0p8.eli设备
-
挂载加密盘
1
#mount /dev/mfid0p8.eli /home/test
Debian
- 采用cryptsetup(可能需要aptitude install cryptsetup)对/home/test加密,注意要将/mnt挂载点独立一个分区出来.
首次创建加密盘
-
先将原本的/mnt umount
1
2
3
4#df -ah
/dev/sda7 9.9G 151M 9.2G 2% /home
/dev/sda8 177G 189M 168G 1% /mnt
#umount /mnt -
格式化加密盘
1
2
3
4
5
6
7
8
9#cryptsetup luksFormat /dev/sda8
WARNING!
========
This will overwrite data on /dev/sdb1 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Command successful. -
使用cryptsetup luksOpen命令打开加密分区.
1
2
3
4# cryptsetup luksOpen /dev/sda8 private
Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.完成后,生成/dev/mapper/private 设备
-
格式化设备并挂载
1
2
3#mkfs.ext4 /dev/mapper/private
#mkdir /home/test
#mount /dev/mapper/private /home/test
5.编辑`/etc/fstab`,去掉对应条目
重启系统后恢复加密盘
-
使用cryptsetup luksOpen命令打开加密分区.
1
2
3
4# cryptsetup luksOpen /dev/sda8 private
Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.完成后,生成/dev/mapper/private 设备
-
挂载
1
#mount /dev/mapper/private /home/test
赏
支付宝打赏
微信打赏
支付宝打赏
微信打赏
赞赏一下
