11.3: GELI attach: Wrong key despite correct passphrase
Alaksiej
ac at belngo.info
Sun Aug 18 22:30:21 UTC 2019
Hello Marco,
To the best of my knowledge geli in 11.3 should be absolutely capable to
attach geom created in 11.1. So when the utility reports "Wrong key"
there's a big chance it is telling you truth, and something in the key data
you are supplying to it is wrong. Key data here can be either password, or
key(s), or password + key(s).
CyberLeo's suggestion is that maybe your 11.1-created SSD doesn't require
password at all. Which can be reasonable guess if, for example, both disks
were used in the same computer, and you were asked for your password just
once every boot. (Your initial message is not specific on how those SSDs
were used).
If it's not the case, then we should suspect key(s) part. Check the
/boot/loader.conf file on 11.1-created SSD: are there any geli_*_keyfile_*
lines?
On Sun, Aug 18, 2019 at 10:05 PM Marco Steinbach <
coco at executive-computing.de> wrote:
> On Sun, 18 Aug 2019 10:20:51 -0500
> CyberLeo Kitsana <cyberleo at cyberleo.net> wrote:
>
> > On 8/18/19 8:46 AM, Marco Steinbach wrote:
> > > Hi.
> > >
> > > I have two bootable SSDs, both installed using a GELI encrypted
> > > root on ZFS.
> >
> > <snip>
> >
> > > I've then imported the bootpool from da0, and mounted it, so I can
> > > try using the key in boot/
> > >
> > > root at bsdbuch:~ # geli attach -k /bootpool/boot/ada0p5.eli /dev/da0p5
> > > Enter passphrase:
> > > geli: Wrong key for da0p5.
> >
> > Did you intend on combining both a keyfile AND a passphrase here? If
> > not, include the -p option to instruct geli to avoid asking for a
> > passphrase to mix in.
> >
> > It might also help to include the output of 'geli dump' for both of
> > the affected providers. You can obscure the 'Salt' and 'Master Key'
> > portions if you so desire.
> >
>
> I think there's a misunderstanding.
>
> I merely want to attach the GELI created by the 11.1 installer to a
> newly installed 11.3 system.
>
> MfG CoCo
>
> _______________________________________________
> freebsd-geom at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-geom
> To unsubscribe, send any mail to "freebsd-geom-unsubscribe at freebsd.org"
>
More information about the freebsd-geom
mailing list