Ubuntu: How to change the password of an encrypted LVM system (done with the alternate Installation)?



Question:

I installed Ubuntu 11.10 with the alternate CD and encrypted the whole system (except boot) with the encrypted LVM. Everything works great as before, but I would like to change the password of the encrypted LVM. I tried to follow the Tips and Tricks of this article, but it does not work. After typing:

sudo cryptsetup luksDump /dev/sda5  

It says: "Device /dev/sd5 doesn't exist or access denied." I thought the encrypted partition is /dev/sda5. Any help how to change the password?


Solution:1

Here is the answer that worked for me, after Hamish helped me to realize my typo:

To add a new password, use luksAddKey:

sudo cryptsetup luksAddKey /dev/sda5  

To remove an existing password, use luksRemoveKey:

sudo cryptsetup luksRemoveKey /dev/sda5  

Cited from this blog. Thanks.


Solution:2

Download "Disks" from Software Manager. Run it. Select your encrypted device partition. Click gear icon. Select "Change passphrase". That's it


Solution:3

The encrypted partition may well be using /dev/sda5 (note the a in sda5) and that is the device you probably need to use (unless that is just a typo in your question).

However the encrypted device itself will have another name - something like /dev/mapper/cryptroot. For the device name you could:

  • look in the file /etc/crypttab - this will have both the partition and the mapper name in it, but only for permanent partitions
  • run mount and see what the mapper name is - this is useful when you have plugged in an encrypted disk via USB. (Though I'm not sure how you then find the actual underlying device name).


Solution:4

Without thinking I set the passphrase to be really long, and it became a pain to type. I ended up using the following to change it to something more manageable.

sudo cryptsetup luksChangeKey /dev/sda5  


Solution:5

To see the slots used:

sudo cryptsetup luksDump /dev/sda5  

And to find out which partition to use

cat /etc/crypttab  

And if it is listed by uuid, use

ls -l /dev/disk/by-uuid/{insert your uuid here}  

Then use

sudo cryptsetup luksAddKey /dev/sda5  sudo cryptsetup luksRemoveKey /dev/sda5  

or

sudo cryptsetup luksChangeKey /dev/sda5  

and for faster reference (assuming only 1 entry in /etc/crypttab)

sudo cryptsetup luksAddKey /dev/disk/by-uuid/$(cat /etc/crypttab | sed -e "s|\(.*\) UUID=\(.*\) none.*|\2|g")  sudo cryptsetup luksChangeKey /dev/disk/by-uuid/$(cat /etc/crypttab | sed -e "s|\(.*\) UUID=\(.*\) none.*|\2|g")  

Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »