Skip to main content

Changing a LUKS Passphrase

Hands-On Lab

 

Photo of Bob Salmans

Bob Salmans

Training Architect

Length

00:30:00

Difficulty

Intermediate

In this hands-on lab, we will learn how to safely change the passphrase used on a LUKS-encrypted volume without losing the data on the volume. LUKS passphrases should be changed on a regular schedule, just like account passwords.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Changing a LUKS Passphrase

Introduction

In this hands-on lab, we will learn how to safely change the passphrase used on a LUKS-encrypted volume without losing the data on the volume. LUKS passphrases should be changed on a regular schedule, just like account passwords.

Connecting to the Lab

  1. Open your terminal application, and run the following command (remember to replace <PUBLIC_IP> with the public IP you were provided on the lab instructions page):
    ssh cloud_user@<PUBLIC_IP>
  2. Type yes at the prompt.
  3. Enter your cloud_user password at the prompt.

Change the LUKS-Encrypted Volume Passphrase

  1. List the contents of the /dev/mapper/ directory.
    ls /dev/mapper/
  2. Determine which volume contains patient_lv.
    cryptsetup -v status patient_lv
  3. Change the passphrase.
    sudo cryptsetup luksChangeKey /dev/mapper/luks_vg-patient_lv
  4. Enter Pinehead1! at the prompt.
  5. Enter Waddle4thewin! at the prompt.
  6. Re-enter Waddle4thewin! at the prompt.

Add a File Named test.txt to the LUKS-Encrypted Volume

  1. Determine where the patient_lv logical volume is mounted.
    df -h
  2. Change to the /data directory.
    cd /data
  3. List the contents of the directory.
    ls
  4. Create a new file called test.txt.
    touch /data/test.txt

Conclusion

Congratulations, you've successfully completed this hands-on lab!