Red Hat Bugzilla – Bug 866105
systemd drops to emergency shell when wrong password for cryptsetup is entered during boot
Last modified: 2013-03-07 19:24:00 EST
Created attachment 626728 [details]
log file created by journalctl command on dracut shell.
Description of problem:
I installed F18 beta TC3 using netinstall to a hard disk encrypted using anaconda during installation.
When I boot the installed system, if I make a mistake in entering the passphrase to decrypt the hard disk, the booting process is terminated and emergency shell appears.
[DEPEND] Dependency failed for basic system
I get a message that says to type "journalctl" to see the log files.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Start the installed system. Installation should be done on a encrypted hard disk (/, /home and swap).
2. Enter the wrong passphrase to decrypt the hard disk for booting to continue.
3. When the "enter password" prompt appears, try to enter the passphrase again or hit F2.
booting drops to emergency shell.
prompt for passphrase again.
journalctl created log file is attached.
Is this still a problem with current F18?
If so, does this happen immediately when the password is entered incorrectly? Or is there some timeout?
Yes. It is still a problem. But, unlike before, it does not drop in to an emergency shell on first attempt. I am able to enter the wrong password up to three times before it drops to emergency shell.
As for the timeout - if I happen to enter the wrong password multiple times, it drops to an emergency shell after a small time interval - typically, the delay is only as long as the time taken for password authentication.
(In reply to comment #2)
> Yes. It is still a problem. But, unlike before, it does not drop in to an
> emergency shell on first attempt. I am able to enter the wrong password up
> to three times before it drops to emergency shell.
That's intended. You can reconfigure the number of tries with the tries= option in crypttab(5).
> As for the timeout - if I happen to enter the wrong password multiple times,
> it drops to an emergency shell after a small time interval - typically, the
> delay is only as long as the time taken for password authentication.
That's something that can be controlled with the x-systemd.device-timeout=0 which anaconda should set by default for all file systems originating in crypto disks. That's tracked in bug 861123.
Since there's nothing else in this bug report, will close now.