Mount encrypted volumes from command line?
Your volume is probably encrypted with LUKS, here's how to mount it:
You need:
sudo apt-get install cryptsetup
To decrypt the volume:
sudo cryptsetup luksOpen /dev/sda1 my_encrypted_volume
Now you can mount it as usual:
sudo mkdir /media/my_device
sudo mount /dev/mapper/my_encrypted_volume /media/my_device
To lock the container again, it needs to be unmounted first:
sudo umount /media/my_device
sudo cryptsetup luksClose my_encrypted_volume
To automatically put it in the /media
location, use the udisks tool
sudo udisks --mount /dev/mapper/my_encrypted_volume
The steps in @Georg Schölly's answer did not work for me at the time, although they might work now, a few Ubuntu releases after. Back then, after the sudo mount /dev/mapper/my_encrypted_volume /media/my_device
step I got the error:
mount: unknown filesystem type 'LVM2_member'
Unlocking and mounting the disk with udiskctl
Instead, I used udisksctl
, a command-line interface that interacts with the udisksd
service.
Here's what worked (/dev/sdb5
is the partition on my hard disk marked as crypt-luks
):
udisksctl unlock -b /dev/sdb5
udisksctl mount -b /dev/mapper/ubuntu--vg-root
After typing the first command, you'll be prompted for your encryption passphrase. Once the encrypted partition is unlocked, the second command will mount it. If that's successful, you'll end up with a message similar to this:
Mounted /dev/dm-1 at /media/dpm/e8cf82c0-f0a3-41b3-ab28-1f9d23fcfa72
From there I could access the data :)
Locking the disk with udiskctl
Unmount the device:
udisksctl unmount -b /dev/mapper/ubuntu--vg-root
You'll need to deactivate all logical volumes in the ubuntu-vg
volume group first. Otherwise you'll get an error along the lines of 'Device busy' if you try to lock it (more info):
sudo lvchange -an ubuntu-vg
Then you'll be able to lock back the encrypted partition
udisksctl lock -b /dev/sdb5
Notes
- The
udisksctl
commands are executed withoutsudo
. Device mapper names: the
ubuntu--vg-root
naming might change across Ubuntu releases (e.g. I've seen it calledsystem-root
andubuntu-root
too). An easy way to find out the name is to run the following command after unlocking the LUKS partition:ls -la /dev/mapper
Then looking at the output of the
ls
command, the name you'll need will be generally the one symlinked to/dev/dm-1
Device mapper names, alternative: an alternative to the previous command is to run:
lsblk -e7
There you'll be able to see the device name mapping as a tree view. The
-e 7
option is used to exclude the loop devices (ID 7) created by installed snaps from the output. Simply to have less clutter.- Logical volume names: you can run the
sudo lvs
command to find out the names of volume groups and logical volumes - Disks app: the GNOME Disks app does not automatically deactivate the logical volumes before locking the partition. Even if you've successfully unlocked the partition via the GUI, you will need to go to the command line and execute the
sudo lvchange -an ubuntu-vg
command before you can lock it from the GUI.
If you get this error:
mount: unknown filesystem type 'LVM2_member'
run:
sudo apt-get install lvm2
sudo lvscan
then activate all LVM you see
sudo vgchange -ay
then re-run the mount:
sudo mount /dev/mapper/my_encrypted_volume /media/my_device