Mount encrypted volumes from command line?

Your volume is probably encrypted with LUKS, here's how to mount it:

You need:

sudo apt-get install cryptsetup

To decrypt the volume:

sudo cryptsetup luksOpen /dev/sda1 my_encrypted_volume

Now you can mount it as usual:

sudo mkdir /media/my_device
sudo mount /dev/mapper/my_encrypted_volume /media/my_device

To lock the container again, it needs to be unmounted first:

sudo umount /media/my_device
sudo cryptsetup luksClose my_encrypted_volume

To automatically put it in the /media location, use the udisks tool

sudo udisks --mount /dev/mapper/my_encrypted_volume

The steps in @Georg Schölly's answer did not work for me at the time, although they might work now, a few Ubuntu releases after. Back then, after the sudo mount /dev/mapper/my_encrypted_volume /media/my_device step I got the error:

mount: unknown filesystem type 'LVM2_member'

Unlocking and mounting the disk with udiskctl

Instead, I used udisksctl, a command-line interface that interacts with the udisksd service.

Here's what worked (/dev/sdb5 is the partition on my hard disk marked as crypt-luks):

udisksctl unlock -b /dev/sdb5
udisksctl mount -b /dev/mapper/ubuntu--vg-root

After typing the first command, you'll be prompted for your encryption passphrase. Once the encrypted partition is unlocked, the second command will mount it. If that's successful, you'll end up with a message similar to this:

Mounted /dev/dm-1 at /media/dpm/e8cf82c0-f0a3-41b3-ab28-1f9d23fcfa72

From there I could access the data :)

Locking the disk with udiskctl

Unmount the device:

udisksctl unmount -b /dev/mapper/ubuntu--vg-root

You'll need to deactivate all logical volumes in the ubuntu-vg volume group first. Otherwise you'll get an error along the lines of 'Device busy' if you try to lock it (more info):

sudo lvchange -an ubuntu-vg

Then you'll be able to lock back the encrypted partition

udisksctl lock -b /dev/sdb5

Notes

  • The udisksctl commands are executed without sudo.
  • Device mapper names: the ubuntu--vg-root naming might change across Ubuntu releases (e.g. I've seen it called system-root and ubuntu-root too). An easy way to find out the name is to run the following command after unlocking the LUKS partition:

    ls -la /dev/mapper

    Then looking at the output of the ls command, the name you'll need will be generally the one symlinked to /dev/dm-1

  • Device mapper names, alternative: an alternative to the previous command is to run:

    lsblk -e7

    There you'll be able to see the device name mapping as a tree view. The -e 7 option is used to exclude the loop devices (ID 7) created by installed snaps from the output. Simply to have less clutter.

  • Logical volume names: you can run the sudo lvs command to find out the names of volume groups and logical volumes
  • Disks app: the GNOME Disks app does not automatically deactivate the logical volumes before locking the partition. Even if you've successfully unlocked the partition via the GUI, you will need to go to the command line and execute the sudo lvchange -an ubuntu-vg command before you can lock it from the GUI.

If you get this error:

mount: unknown filesystem type 'LVM2_member'

run:

sudo apt-get install lvm2
sudo lvscan

then activate all LVM you see

sudo vgchange -ay

then re-run the mount:

sudo mount /dev/mapper/my_encrypted_volume /media/my_device