2

The partition table is:

sda1 - /boot

sda2 - dmcrypt with LVM, containing root, home and swap volumes

Cryptsetup does not accept passphrase, that have been used for a long time and can not have any mistakes. I tried to mount it using PXE Live Ubuntu:

root@ubuntu:~# cryptsetup luksOpen /dev/sda2 vgroot
Enter passphrase for /dev/sda2: 
No key available with this passphrase.

On the live image US keyboard layot is only one by default. Copying and pasting of passphrase does not help too.

A month ago I have successfully mounted the dm-crypt on the same live image to chroot.

I have Ubuntu 14.04 installed and 13.10 live image on PXE boot.

Dinarx
  • 21

2 Answers2

0

Most likely you've mistyped your password.

Following steps can help.

  1. Confirm you've the right device:

    sudo cryptsetup isLuks /dev/sda3 -v

  2. Validate the header:

    sudo cryptsetup luksDump /dev/sda3

  3. Try initial few passwords (consider adding --debug for more output):

    sudo cryptsetup luksOpen --test-passphrase /dev/sda3

  4. Consider to backup the header:

    sudo cryptsetup luksHeaderBackup /dev/sda3 --header-backup-file luksHeader.bin

    Note: You can also consider to backup the whole device using dd.

  5. Use header file to try different passwords: (quicker and safer than using the actual device)

    sudo cryptsetup luksOpen --test-passphrase luksHeader.bin

To brutal force it, read more at: Receiving "No key available with this passphrase" with LUKS

kenorb
  • 10,944
0

Well, the error "No key available with this passphrase" sounds like the key you're looking for is not in the LUKS header anymore. Could be the wrong passphrase, or could be something happened to that key, or the whole LUKS header. If you have a backup of the LUKS header you can try using it with the cryptsetup option --header

And try the --verbose & --debug options too, maybe there'll be more info revealed. The action isLuks -v <device> might be helpful to see if it's still a recognizable LUKS device.

And like the man cryptsetup page describes below, a LUKS header backup is important, (and look into the luksHeaderBackup and luksHeaderRestore actions too):

LUKS header: If the header of a LUKS volume gets damaged, all data is permanently lost unless you have a header-backup. If a key-slot is damaged, it can only be restored from a header- backup or if another active key-slot with known passphrase is undamaged. Damaging the LUKS header is something people manage to do with surprising frequency. This risk is the result of a trade-off between security and safety, as LUKS is designed for fast and secure wiping by just overwriting header and key-slot area.

Xen2050
  • 8,943