3

I have a single extra HardDrive encrypted with VeraCrypt in Ubuntu Gnome 16.04.

I'd like to use it to store my Documents, Photos etc, but I can't easily redirect the home links if the drive is not mounted at startup.

The command to mount it normally would be:

veracrypt --mount /dev/sda1

Typically this brings up a GUI, but I think if without one it would let me input the password in the terminal.

Is there any way I can do this during boot? I've so far attempted putting the line in /etc/rc.local as another website suggested but it did not work :(

If it's relevant, I'm currently booting without the splash screen due to another issue I had with inputting the password to unlock /

Thanks.

Baa
  • 3,452

2 Answers2

3

The simple thing I've been doing for 5 years now is to simple load it in my ~/.profile. However, since I don't want remount when already mounted, I check if a directory in the mount is present.

if [ ! -d "/media/Data/some_folder" ]; then
  veracrypt /dev/sda7 /media/Data
fi

You're probably better off finding something better, but this could work for now. I'd also encourage you to add truecrypt/veracrypt into your sudoers list so you don't have to enter your root password as well. See here: https://askubuntu.com/a/940972/400549

Mario Olivio Flores
  • 458
1

Maybe I can give some hints - but I am not very experienced, so please consider security issues for yourself:

I also tried to mount an external veracrypt-encrypted drive during startup via /etc/rc.local. Therefore I put a small bash-script in /usr/local/sbin. It contained only the veracrypt-mount-command, in which I put in the password:

veracrypt --password=XXXX --mount /dev/sda1

(security issue!)

I observed, that this script did not work if called during startup by /etc/rc.local while it worked without problems when called in TErminal after complete bootup with sudo. In this case the script ran without interaction, did not bring up the GUI and mounted the drive.

In /var/log/syslog I could see then, that the veracrypt command called by rc.local behaved different and expected interaction with the user, e.g. wanted the specification of the mountpoint (where to mount), whether hidden-volume-protection was needed etc.

So for my case it works now with the command-line option --non-interactive:

veracrypt --non-interactive --password=XXXX --mount /dev/sda1

or

if I specify all options, that veracrypt asked for as visible in /var/log/syslog (for this I added one option after the other and restarted...). Example:

veracrypt --fs-options=uid=XX,gid=XX --password=XXXXX --pim=0 -k "" --protect-hidden=no --mount /dev/sdb /PATH/TO/MOUNTPOINT

Besides, duckduckgo found this page for me:

https://wiki.archlinux.org/index.php/TrueCrypt

Maybe - I don't really know - it is possible and better and more convenient to mount veracrypt volumes with cryptsetup...

JGkn
  • 11
  • Ah this is useful, thanks. It could perhaps be combined with using keyfiles instead of passwords, and then using cryptsetup to store the keyfiles. Although I suppose, if the drive storing the script is encrypted anyway, then it wouldn't matter if you use key files or passwords... – Baa Apr 13 '18 at 19:39