Rechercher une page de manuel
mount.crypt_LUKS
Langue: en
Version: 364978 (ubuntu - 25/10/10)
Section: 8 (Commandes administrateur)
Name
mount.crypt - mount a dm-crypt encrypted volume
Syntax
mount.crypt [-nrv] [-o options] device directory
Options
- -o options
- Set further mount options. mount.crypt will take out its own options it recognizes and passes any remaining options on to the underlying mount program. See below for possible options.
- -n
- Do not update /etc/mtab. Note that this makes it impossible to unmount the volume by naming the container - you will have to pass the mountpoint to umount.crypt.
- -r
- Set up the loop device (if necessary) and crypto device in read-only mode. (The mount itself will necessarily also be read-only.) Note that doing a remount using `mount /mnt -o remount,rw` will not make the mount readwrite. The crypto and loop devices will have to be disassociated first.
- -v
- Turn on debugging and be a bit more verbose.
Mount options
- cipher
- The cryptsetup cipher used for the encrypted volume. This option is mandatory for PLAIN (non-LUKS) volumes. pmt-ehd(8) defaults to creating volumes with "aes-cbc-essiv:sha256" as a cipher.
- dm-timeout=seconds
- Wait at most this many seconds for udev to create /dev/mapper/name after calling cryptsetup(8). The default value is 0 seconds.
- fsck
- Run fsck on the container before mounting it.
- fsk_cipher
- The OpenSSL cipher used for the filesystem key. The special keyword "none" can be used to bypass decryption and pass the file contents directly to libcryptsetup.
- fsk_hash
- The OpenSSL hash used for producing key and IV.
- fstype
- The exact type of filesystem in the encrypted container. The default is to let the kernel autodetect.
- hash
- The cryptsetup hash used for the encrypted volume. This defaults to no hashing, because pam_mount assumes EHD volumes with strong and simple fskey generation.
- keyfile
- The path to the key file. This option is mandatory for "normal" crypto volumes and should not be used for LUKS volumes.
- remount
- Causes the filesystem to be remounted with new options. Note that mount.crypt cannot switch the underlying loop device (if applies) or the crypto device between read-only and read-write once it is created; only the actual filesystem mount can be changed, with limits. If the loop device is read-only, the crypto device will be read-only, and changing the mount to read-write is impossible. Similarly, going from rw to ro will only mark the mount read-only, but not the crypto or loop device, thus making it impossible to set the filesystem the crypto container is located on to read-only.
- ro
- Same as the -r option.
- verbose
- Same as the -v option.
Obsolete mount options
This section is provided for reference.
- loop
- This option used to set up a loop device, because cryptsetup(8) expects a block device. The option is ignored because mount.crypt can figure this out on its own.
Contenus ©2006-2024 Benjamin Poulain
Design ©2006-2024 Maxime Vantorre