I am trying to remotely configure my host with a script. However, it fails when doing cryptsetup luksOpen.
Here is my function:
# used to encrypt the volume
# $1 the ssh connect
# $2 the partition
# $3 the password
# $4 the LUKSName
encrypt(){
ssh $1 << EOF
sudo -s
# convert the partition to the LUKS format
echo "About to init luks on partition: cryptsetup luksFormat $2 with [YES, $3, $3]"
(
echo YES
echo $3
echo $3
) | cryptsetup -v luksFormat $2
sleep 3
echo "About to mount and format: cryptsetup luksOpen $2 $4 with [$3]"
(
echo $3
) | cryptsetup -v luksOpen $2 $4
# Create an EXT4 file system on the LUKS logical volume
mkfs.ext4 /dev/mapper/$4
# optional create the luks.key
echo $3 > /root/luks.key
echo "About to create the luksKey: cryptsetup luksAddKey $2 /root/luks.key with [$3]"
(
echo $3
) | cryptsetup luksAddKey $2 /root/luks.key
# enter the new volume in /etc/fstab
echo "/dev/mapper/$4 /$4 ext4 defaults 1 2" >> /etc/fstab
# create the mount point
mkdir /$4
#mount the luks volume
mount /$4
EOF
}
So my logs are correct for luksFormat but fail with luksOpen:
About to init luks on partition: cryptsetup luksFormat /dev/sdb1 with [YES, pwd, pwd]
Command successful.
About to mount and format: cryptsetup luksOpen /dev/sdb1 mongo_data with [pwd]
No key available with this passphrase.
Command failed with code 1: No key available with this passphrase.
When I do it manually it is working.
Here are the debug traces:
# cryptsetup 1.6.6 processing "cryptsetup --debug luksOpen /dev/sdb1 mongo_data"
# Running command open.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating crypt device /dev/sdb1 context.
# Trying to open and read device /dev/sdb1.
# Initialising device-mapper backend library.
# Trying to load LUKS1 crypt type from device /dev/sdb1.
# Crypto backend (gcrypt 1.6.5) initialized.
# Detected kernel Linux 4.4.0-81-generic x86_64.
# Reading LUKS header of size 1024 from device /dev/sdb1
# Key length 32, device size 20969472 sectors, header size 2050 sectors.
# Timeout set to 0 miliseconds.
# Password retry count set to 3.
# Password verification disabled.
# Iteration time set to 1000 miliseconds.
# Activating volume mongo_data [keyslot -1] using [none] passphrase.
# dm version OF [16384] (*1)
# dm versions OF [16384] (*1)
# Detected dm-crypt version 1.14.1, dm-ioctl version 4.34.0.
# Device-mapper backend running with UDEV support enabled.
# dm status mongo_data OF [16384] (*1)
# STDIN descriptor passphrase entry requested.
# Trying to open key slot 0 [ACTIVE_LAST].
# Reading key slot 0 area.
# Using userspace crypto wrapper to access keyslot area.
# Trying to open key slot 1 [INACTIVE].mke2fs 1.42.13 (17-May-2015)
# Trying to open key slot 2 [INACTIVE].The file /dev/mapper/mongo_data does not exist and no size was specified.
# Trying to open key slot 3 [INACTIVE].
# Trying to open key slot 4 [INACTIVE].
# Trying to open key slot 5 [INACTIVE].
# Trying to open key slot 6 [INACTIVE].
# Trying to open key slot 7 [INACTIVE].
# STDIN descriptor passphrase entry requested.
# Nothing read on input.
# Releasing crypt device /dev/sdb1 context.
# Releasing device-mapper backend.
# Unlocking memory.
It seems that "Nothing read on input" means that it did not get my password...
Do you maybe have an idea?
Regards
The password for your encrypted container is YES.
... cryptsetup luksFormat does not carry out the dialogue when standard input is not a terminal; it just reads one line and uses that as the password.
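As an added example (not code from the question or the answer), the shell functions below show what a non-terminal luksFormat picks up from the script's three-line feed, and a batch-mode form that hands the passphrase over explicitly with cryptsetup's -q and --key-file - options; fake_cryptsetup and the CRYPTSETUP override are assumptions so the functions can be exercised without root or a real block device.

```shell
#!/bin/sh
# Added example, not from the original post or from cryptsetup itself.
# It shows why the three-line dialogue feed leaves "YES" as the passphrase,
# and a batch-mode form that hands the passphrase to cryptsetup explicitly.
# CRYPTSETUP and fake_cryptsetup are assumptions for exercising the functions
# without root or a real block device.

# The original feed: what the script pipes into luksFormat.
dialogue_feed() {
    printf 'YES\n%s\n%s\n' "$1" "$1"
}

# Mimics luksFormat's behaviour when stdin is not a terminal: no YES/verify
# dialogue, the first line of stdin is taken as the passphrase.
first_line_as_passphrase() {
    IFS= read -r line || true
    printf '%s' "$line"
}

# Batch-mode format: -q (--batch-mode) suppresses the YES confirmation and
# --key-file - reads the passphrase from stdin. Key-file input is used byte
# for byte, so a trailing newline would become part of the key; printf '%s'
# keeps the key identical between luksFormat and luksOpen.
luks_format_batch() {
    printf '%s' "$2" | "${CRYPTSETUP:-cryptsetup}" -q luksFormat --key-file - "$1"
}

luks_open_batch() {
    printf '%s' "$3" | "${CRYPTSETUP:-cryptsetup}" luksOpen --key-file - "$1" "$2"
}

# Stand-in that only prints the bytes it receives on stdin, so a test can
# check what cryptsetup would have been given as key material. Not cryptsetup.
fake_cryptsetup() { cat; }

# Usage on a real device, as root:
#   luks_format_batch /dev/sdb1 "$pass"
#   luks_open_batch /dev/sdb1 mongo_data "$pass"
```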