I've been battling with changing a CentOS 6.6 server with LUKS on sda2 from a password over to a key on /boot.
Steps I've taken:
Install CentOS with LVMs, check the box for encryption. By default it encrypts the second drive.
Log into the system. Make a key 4kb, random data (I've also made simple text files as keys).
dd if=/dev/urandom of=/boot/key bs=1024 count=4
chmod 0400 /boot/key
chown root:root /boot/key
Add key to encrypted device
cryptsetup luksAddKey /dev/sda2 /boot/key
Point to key in crypttab
luks-56f2875a-f5a0-46c4-a55a-7d655842ab57 UUID=56f2875a-f5a0-46c4-a55a-7d655842ab57 /boot/key luks
Update the kernel image
dracut -f
Reboot and I get prompt for a password.
Check messages and dmesg and I see it referencing the key file.
grep luks /var/log/dmesg
dracut: luksOpen /dev/sda2 luks-56f2875a-f5a0-46c4-a55a-7d655842ab57 /boot/key
I've played around with a couple of configurations but keep getting prompted for a password.
What's even weirder is that these steps, with a few changes, work for me in Ubuntu 14.04.