User Tools

Site Tools



This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
computing:raid [2019/02/24 21:21]
computing:raid [2019/04/10 02:55] (current)
Line 94: Line 94:
   mdadm --readwrite /dev/mdx [restart]   mdadm --readwrite /dev/mdx [restart]
-If a drive failsyou need to deactivate itactivate the replacement and then allow enough time for syncing.  That tutorial is next and will go below.  It centers around mdadm commands to deactivate the old driveand with sfdisk to create an identical partition table on the new device.  More later on that ...+Okaythe point of this is to combine RAID with pam_mount handlind the mounting of the crypt, and we also need ssh pubkey authentication.  But, without some tweaks, we would never be able to access the public keywhich is in the crypt on the server.  So, we need to move a copy of the public keys outside the crypt.  Here is how: 
 +  cp -a ~/.ssh/authorized_keys /opt/authorizedkeys 
 +  sudo nano /etc/ssh/sshd_config 
 +Add the following parameter in the section that pertains to it: 
 +  AuthorizedKeysFile      /opt/authorized_keys 
 +Now, when you reboot, even if PasswordAuthentication and ChallengeResponse are set to "no," as long as PubKeyAuthentication is set to "yes" you will be able to do the following to mount the crypt.  This is because pam_mount is handling log in, and PAM is therefore allowing the password to be entered through the ssh tunnel because sshd_config also has Use PAM yes. 
 +  ssh user@xx.xx.xx.xx 
 +  screen 
 +  su - user 
 +  <authenticate> 
 +Nowpress ctrl-a-d to detach from the screen.   
 +  exit 
 +Okay, now you have survived reboot with a RAID array, with pam doing its magic for you on the crypt ... hardly a pain if it saves you       
 +a trip
 ------------------------------------------- -------------------------------------------
computing/raid.txt · Last modified: 2019/04/10 02:55 by oemb1905