Debian Configuration :: Moving Encrypted System To New Drive
Dec 30, 2015
I want to move my old system to a new drive. Currently I have Debian installed with following configuration:
I have an encrypted system where everything is encrypted except /boot. Currently I've /boot and / installed on a 16 GB mSata SSD and /home on a regulard HDD. I've got a 500GB SSD for Christmas and want to move the whole system to the new SSD.
I just wanted to ask if I've got the process required to to this down:
1. backup root-directory (/) without and /boot /home using tar keeping file-permissions and owners to ext. hard drive
2. backup /boot and /home separately using the same method
2. replace HDD with SSD remove mSATA SDD.
3. boot via live-usb
4. create appropriate volume groups, partitions, setup encryption etc.
5. extract backups to appropriate partitions
6. chroot to old /.
7. edit fstab
8. reinstall grub
9. create new init ram img.
I'm pretty sure I've got steps 1.-6. down but I'm very shaky on what to do next.
View 0 Replies
ADVERTISEMENT
Feb 9, 2011
I have an older system that has been running testing for about 4 years. Originally I was running testing for several packages that were not yet available in stable. However, now that this system has a more crucial role in the network I have considered moving it to stable in hopes that it I can gain some insurance on it's uptime. It is important to note that I have never had a problem with the testing distribution and would be quite content to continue running it; I do want to know my options though.
I have not yet updated the system since the stable release of squeeze, I am considering to change my sources from testing to stable and just let apt take care of the rest. Anyone have any experience with such a thing? After searching Google I have found some solutions to force a downgrade, but that is really not what needs to be done here. I suppose I should have switched my sources to squeeze some time ago and this probably would have worked itself out.
A similar question is what happens a couple of years from now when another release happens. Have you had good luck updating from old stable to stable? I've run testing on several machines now for several years and have went through freezes and dist-upgrades several times with no major problems at all. Will I see the same stability if I move to the stable distribution?
View 1 Replies
View Related
Sep 6, 2015
Debian encrypted LVM disappears every time on sda when I install any other also encrypted Linux distro on sdb.
How can I set up Debian that way that it wouldn't disappear or how can I recover it form UEFI?
View 1 Replies
View Related
Feb 27, 2016
I have Debian and Virtual Box with another Debian. I have resized max size of vdi file with VBoxManage modifyhd but now I need to resize partition on virtual machine's system. I've downloaded GParted and I can run machine from this ISO as CD. Partition is encrypted on machine.Unfortunately GParted doesn't start with X so I have to use it in terminal. I can see partitions:
Code: Select allroot@debian:/# fdisk -l
Disk /dev/sda: 80 GiB, 85899345920 bytes, 167772610 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x3914....
[code]....
So I though maybe I need to use this (URL...). I couldn't find similar tutorial about Debian or GParted but OK, it's just executing these commands, not modifying its source.list.But I cannot even do the update:
Code: Select allroot@debian:/# sudo apt-get update
Err: http://free.nchc.org.tw/debian sid InRelease
Temporary failure resolving 'free.nchc.org.tw'
Err2: http://free.nchc.org.tw/drbl-core drbl InRelease
Temporary failure resolving 'free.nchc.org.tw'
Reading package lists... Done
W: Failed to fetch http://free.nchc.org.tw/debian/dists/sid/InRelease Teporary failure resolving 'free.nchc.org.tw'
W: Failed to fetch http://free.nchc.org.tw/drbl-core/dists/drbl/InRelease Temporary failure resolving 'free.nchc.org.tw'
W: Some index files failed to download. They have been ignored, or old ones used instead.
So I check my internet connection. VirtualBox has 'attached to NAT' and before I run out of space on virtual machine, Debian could access internet. So it's only something about this GParted. I have modified /etc/resolv.conf with vi (even vim is not available). And it has two valid nameservers. I haven't restarted anything, as I'm not sure if I need to, after modifying resolv.conf file.But even in that case I cannot ping anything from GParted:
Code: Select allroot@debian:/# ping www.google.com
ping: unknown host www.google.com
How can I access internet from GParted and resize encrypted partition?
View 8 Replies
View Related
Apr 4, 2011
When I installed Debian on this machine, I went with guided partitioning, encrypted lvm, and Debian defaulted to a 10GB / partition. I figured, hey, defaults are there for a reason, so left it alone.
Now that I need to shrink my /home and extend /, I'd like to do so as easily as possible. I installed system-config-lvm, read its man page ( which is really just a long description of the program, not much instruction ) and fired it up. Won't let me resize ( shrink ) /home, said files are in use.
Is there a way to use the nice pretty graphical tool, or do I need to boot to a non-X-using runlevel and log in as root, then muck about with CLI tools like lvresize and resize2fs?
View 2 Replies
View Related
Jul 29, 2015
I ping my router. If I keep my mouse moving (or i'm typing) I get a 5ms ping.If I stop typing/moving my mouse, it times out.
- I disabled NetworkManager for the inteface eth0 but it doesn't solve the problem.
- I'm having the same problem using a Ubuntu 15.01 bootable image
- I'm having the same problem usign an Ethernet PCI Adapter
- I'm having the same problem usign a Wifi PCI Adapter
lsb_release -da
Code: Select allDistributor ID: Debian
Description: Debian GNU/Linux testing (stretch)
Release: testing
Codename: stretch
[code]....
View 5 Replies
View Related
Dec 20, 2010
I recently installed Debian (*former Windows user*) with xfce and I only aligned one partition. I have a 80gb SSD where I have the OS and apps. I just now installed a hard drive which I'm going to use for documents, pictures, music etc., but I haven't mounted it yet. I'd like to move /home to it's own partition on the second drive, and I'd like the desktop to be on the HDD also, but I don't really have any idea how to do this and haven't found any information about this (that's why I haven't mounted the HDD yet either). I'd like to keep the SSD purely as a drive for OS and apps so if there's anything else I should consider or if there's a better approach for this?
View 14 Replies
View Related
Jan 15, 2016
Is it better to install LUKS to raw disk (/dev/sdb) or disk partition (/dev/sdb1)? What are best LUKS options?
"cryptsetup benchmark" output
Code: Select allPBKDF2-sha1 1310720 iterations per second
PBKDF2-sha256 862315 iterations per second
PBKDF2-sha512 590414 iterations per second
[Code] ....
Is slow hash better or how to choose it? It is clear that aes-xts is best choise. Is 265 bit key good?
View 3 Replies
View Related
May 31, 2011
is it possible to mount a truecrypt file container as a home directory before login, if so how to do that?
View 3 Replies
View Related
Oct 26, 2010
I've installed Squeeze on a USB stick, but can't get it to boot. I've had this problem before and gave up last time. I installed on an encrypted LVM - here is the grub.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by /usr/sbin/grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
[Code]...
I added rootdelay=10 and switched root from hd1,1 to hd0,0 as suggested elsewhere. Still no go, i jsut get dumped into ramfs shell with an error message saying that /dev/mapper/crunchbang-root doesn't exist.
View 1 Replies
View Related
Mar 4, 2010
My root filesystems flooded so I'm trying to move it to another (bigger) partition but I'm not sure of the best method. I just tried to use "dd if=/dev/sda1 of=/dev/sda6" to copy it but all that did was give me a brand new partition with no freespace available presumably because the filesystem is smaller than the partition. Is it possible to make the filesystem bigger?
View 8 Replies
View Related
Dec 7, 2015
I use a static compiled kernel and a fully encrypted disk apart from a boot partition. I have recompiled and installed kernels many times. When I tried with the latest kernel from Testing, 4.2.6, the system will not boot. Not only that but the previous kernel now does not boot. However, a stock modular kernel does boot. The static kernel hangs at:
Code: Select allVolume group "dk" not found
Cannot process volume group dk
/run/lvm/lvmetad.socket: connect failed: No such file or directory
WARNING: Failed to connect to lvmetad. Falling back to internal scanning.
Reading all physical volumes. This may take a while...
/run/lvm/lvmetad.socket: connect failed: No such file or directory
[Code] ....
And after giving the password the boot continues successfully. How to diagnose it further?
View 1 Replies
View Related
Aug 24, 2010
I am trying to create an encrypted file and later mount it as a filesystem.
KEY=`tr -cd [:graph:] < /dev/urandom | head -c 79`
echo $KEY | openssl aes-256-cbc > container.key
dd if=/dev/urandom of=~/container.img bs=1G count=10
losetup /dev/loop0 ~/container.img
[code]....
The luksOpen command asks me for my passphrase, but always rejects it. I have retried this several times and written down the passphrase - and even tried with a very simple one just to check. And I never can make it work.
View 2 Replies
View Related
Apr 30, 2011
My partitions are set up as follows:
[code]...
I installed Ubuntu successfully using rescue mode on the alternate cd, and let Ubuntu use an internal boot and home. At the final stage grub refused to install to the MBR, and then refused to install to my /boot partition on /dev/sda2. It said: No boot loader has been installed, either because you chose not to or because your specific architecture doesn't support a boot loader yet. You will need to boot manually with the /vmlinuz kernel on partition /dev/mapper/volumegroup-natty and root=/dev/mapper/volumegroup-natty passed as a kernel argument. Returning to debian, I did a update-grub, which detects Windows and Ubuntu:
[code]...
How do I make grub decrypt the LUKS partition before attempting to load the Ubuntu kernel?
View 3 Replies
View Related
Jun 28, 2011
how can I set the keyboard layout used by Debian to enter the password of my encrypted filesystem?
After my recent "aptitude upgrade", I have not been able to mount my encrypted filesystem anymore. I have discovered that the keyboard layout used to enter the password has changed. Problem is that with such layout I can't enter some of the characters composing the password. The encrypted filesystem looks intact, since I have been able to mount it and backup my files by means of a live CD. That means that I can edit any system file, if needed.
Every technique I have found to change layout cannot be employed in this case, since they rely on the system being up and running. I've tried editing /etc/default/keyboard, but that does not work.
View 2 Replies
View Related
Dec 30, 2015
I installed debian 8 on a 16 GB usb drive using this guide. I used a debian 8.2 64-bit image with mate. If I were to get a larger usb drive, would I be able to transfer everything from the 16GB drive to it? How?
View 1 Replies
View Related
Jun 25, 2010
My laptop has only Debian on it. Except for /boot, the entire hard drive is a giant encrypted LVM partition. It takes Clonezilla 13 hours to back up to a USB hard drive without verification, long enough to make sure backups aren't done much. Is there some way to make an encrypted bare-metal backup of only what is used (except swap) instead of every sector? Backing up across the LAN would be ok.
View 6 Replies
View Related
Apr 30, 2016
I installed Debian 8 Jessie with full disk encryption and chose to have everything on the same partition. After install, I notice that my 8GB laptop has a 16GB swap. Is there a way to reduce the swap to 8GB (or maybe 4) whilst not affecting the encryption?
I have a 1TB HDD so space is not an issue but I dislike such waste. The setup used LVM.
View 2 Replies
View Related
Feb 19, 2010
I have been learning Debian by using a virtual machine. After fine-tuning my installation procedure, I decided to copy that installation to my physical system. The hard drive already has another Linux based system installed. I plan to dual boot.After copying files I updated fstab and menu.lst.
The partition scheme between the virtual and physical environments are similar, but the partitions are not mapped exactly the same.Thus the Debian system on the physical hard drive fails to boot. I think the initrd created in the virtual machine is looking for the root file system on /dev/hda1 whereas on my physical drive the new location is /dev/sda7.How can I rebuild the initrd on the physical system? Or how can I build an initrd in the virtual system that will function on the physical system.I started to use the installation DVD in rescue mode, but I did not get too far.
View 4 Replies
View Related
Jun 6, 2010
Recently set up root encryption with a couple of LVM volumes inside one LUKS volume, and I am just a little confused as to how I would go about getting it to automatically unlock using a keyfile stored on a USB flash drive, I presume I would have to put the drive in the fstab inside my initramfs (if there is one), and add a hook for USB device support.
But I digress, essentially, I want to know what I have to do to enable my LUKS volume (containing all of my partitions sans /boot) to unlock using a keyfile stored on a USB flash drive, rather than a manually entered passphrase.
View 2 Replies
View Related
Aug 5, 2011
I did some minor upgrades to my 10.04 box which grew and grew and grew until I'd hosed xorg, and after some unwise choices about uninstalling X11 as a means to rebuild the system I now have a drive I was using for 10.04 that basically doesn't have an O/S any more... don't ask! First class stupid.Anyhow, I've cracked open a new drive, installed 11.04 and was planning to mount the old /home/me folder as a symbolic link from 11.04. All that was fine until I remembered that 1) I no longer have an OS on my 10.04 drive and I've encrypted my home folder on the 10.04 machine. That home folder is still intact, but obviously not much use right now.
So, have I just hosed myself completely (as I suspect) hosed myself or is there a way to capture the cleartext data from the encrypted folder and move it into the 11.04 machine, either with rsync, restoring the O/S to the formerly 10.04 drive and restoring the encryptied /home to that drive?
Goal 1) recovery contents of encrypted folder to plaintext, but lacking ability to log into O/S that generated the /home folder
2) move data to 11.04
3) attach the cleartext verison of home to my 11.04 account and get to work.
View 6 Replies
View Related
Aug 23, 2015
I have a system which i installed on usb flash (doesn't matter why). The system has 3 partitions: "boot", "/" and "swap". "Swap" and "/" are encrypted by LUKS. "Swap" is encrypted by random key, "/" - by passphrase.
I created this system only to make a liveDVD from it (not liveUSB).
To achieve this goal i installed program called "Systemback" (fork of Remastersys).
Links:
[URL] ....
[URL] ....
So i pushed the button 'Create live system' (or Live system create, don't remember exactly) and configured it to automatically convert .*sblive to .*iso
Program made it's work and i burned image in DVD.
But when i launch it i have this:
The last picture - is when i trying to startliveDVD with installed LVM2. No difference except one message.
I went to freenode and ask some questions. Somebody told me that maybe the problem is in LVM. But LVM was already installed, so i installed LVM2. No result.
How can i make the system that is encrypted by LUKS work from DVD? And is it really possible? Maybe systemback doesn't support feature to make live-image of encrypted system?
The system is Debian 8.1.0
I did the same with nonencrypted system - result is succesfull, liveDVD works.
View 5 Replies
View Related
May 16, 2011
I need to move a LUKS encrypted partition to the end of a harddrive to expand another partition. Does anyone know how to do this?
Is it possible to do this with other partition editing programs?
Gparted doesnt support LUKS/LVM
View 1 Replies
View Related
Feb 1, 2016
I have two basically identical harddrives that are encrypted with LUKS containing a complete debian installation:
Code: Select allroot@x200s:/home/b# lsblk --fs
NAME FSTYPE LABEL UUID MOUNTPOINT
sda
├─sda1 ext2 0b851969-281e-4db2-8a5b-3798e801711b /boot
├─sda2
└─sda5 crypto_LUKS cfcf63ef-448a-4f72-9f58-8f7731cf3dfc
└─sda5_crypt LVM2_member 21CS3f-SQeQ-XcMr-kyDs-OPtR-egmT-HkvJAu
[Code] ....
sda is what I currently run to write this text, sdb is my former harddrive, connected via USB.
I want to access the root partition on sdb.
The problem is:
Code: Select allcryptsetup luksOpen /dev/sdb5 oldhd
Enter passphrase for /dev/sdb5:
root@x200s:/home/b# ls /dev/mapper/
control oldhd sda5_crypt x200s--vg-root x200s--vg-swap_1
root@x200s:/home/b# mount /dev/mapper/oldhd /mnt/
[b]mount: unknown filesystem type 'LVM2_member'[/b]
[Code] ..
Before all this, both sda and sdb where in the same volume group. I renamed the volume group of sdb to "oldDisk"
using
Code: Select allvgrename <UUID> oldDisk
How I can access the data on the root filesystem of my sdb..
View 2 Replies
View Related
May 29, 2011
I have installed debian 6 on two of my laptops. During installation I chose to encrypt my partitions (swap, root and home). Now I find it annoying that during boot up I'm asked for password, for each of these partions seperately. I have given same password for all three of them. How can I make the system ask for the password only once. I know it can be done because on fedora it was like that before.
View 5 Replies
View Related
Apr 28, 2015
I got a rather big problem since an attempt to upgrade.My debian version is 8.0.I upgraded when apt proposed the change. I did that in two steps, with apt-get upgrade and then apt-get dist-upgrade, with the installation of a new kernel. I moved from 3.2.0-4-686-pae to 3.16.0-4-686-pae.Since the upgrade, I can't boot my system any longer.During the boot sequence, this message appears with a countdown (it's copied by hand) :
Code: Select all(1 of 4) a start job is running for dev-disk-byX2du
At the end of the countdown, the boot sequence starts again, and ends up on an invite to log in as root in rescue mode. I can't connect (maybe due to some azerty/qwerty issue, I got a French keyboard. I tried to type in "qwerty mode", with no success (the password is not prompted)).I can connect with the 3.2 kernel however, selecting it form the grub interface. I can't log in in rescue mode either, but with this kernel the boot sequence goes on and I can log as a regular user or as root, at the end of the boot sequence. There is no X, but the system seems to work.What could I do to make the system boot properly with the new kernel, or to go back to the 3.2 version ?
View 14 Replies
View Related
Oct 28, 2014
I tried a while getting a live system working with encrypted persistence. The command
Code: Select alllive-persistence activate /dev/sdx2
works perfect, but boot time persistence works only for unencrypted storage. 'Cause I can not append the boot-log as file the most important part here:
Code: Select all+ tailpid=123
+ tail -f boot.log
+ cat /proc/cmdline
+ LIVE_BOOT_CMDLINE=BOOT_IMAGE=/live/vmlinuz boot=live noeject keyboard-layouts=de components persistence persistence-encryption=luks,none initrd=/live/initrd.img debug=true
+ Cmdline_old
+ PERSISTENCE=true
+ export PERSISTENCE
[Code] ....
The most confusing line is "Warning: cryptsetup is unavailable" - I took a look into the scripts, it checks if cryptsetup and askpass is executable if not this message. But:
I mounted the hdd-img file local and took a look: all binaries there.
So I tried a lot getting it working on boot time. I tried it with live-tools from testing, from wheezy and last but not least installed and pinned live-tools to unstable. Always the same. askpass isn't executable on boot time before mounting the persistence.
Config is
Code: Select alllb config noauto
--apt apt
--bootstrap debootstrap
--binary-images iso-hybrid
--distribution testing
--mirror-bootstrap http://ftp.debian.de/debian/
[Code] .....
(tried with binary-images=hdd, too)
and yes, cryptsetup is inside package-list (otherwise live-persistence from within running machine with crypted partitions would not work). Live tools I used for last run is 4.0.3-1 from unstable, before tried with 4.0.2-1 from testing.
Whats going wrong in boot system?
View 12 Replies
View Related
Jun 1, 2013
I'm a long time user of Debian, but I'm having trouble with my partitioning process. Here is where I currently stand:
I am installing the latest Wheezy build. I am trying to install debian with an encrypted LVM that spans two hard disks.
My partitioning layout is as:
1. /home
2. /root
3. swap
4. /boot
I then added partitions 1, 2 and 3 to a physical volume group. I then took that physical volume group and added it to a logical volume. Then I encrypted the logical volume, leaving the /boot partition untouched. I was under the assumption that the only partition the system needed free to reach the loading of the LVM is the /boot partition, as it holds the files necessary for booting. But when I attempt to finalize the disk, it gives an error stating, "No root file system detected". That would be an issue as it is currently sitting inside the encrypted LV. Am I wrong in including the root partition in the encrypted LV?
What is the best way of having as little of my file system non-encrypted as possible while still allowing a proper boot?
View 9 Replies
View Related
Jul 31, 2011
I am using Squessze and Gnome. When I try to use the gui System>Administration>Network or Users and Groups I get the error The configuration could not be loaded. You are not allowed to access the system configuration.Everything was working before. I read around a bit. In some cases,it was caused by mismatching group and password files after using the gui. I do not know how to check if they are matching. Of course I do not know for sure that is the problem in my case.
View 14 Replies
View Related
Sep 25, 2010
My problem is that I need to move a moderately complex system from an old system to a new system. The old system is a core 2 duo running on an asus p5k-se (p35 chipset) M/B, Nvidia 8500 gt, 3 x sata II hard disks, 1 x sata dvd, 1 x ide hd, 4GB ram. It runs opensuse 11.1 kde 4 as a desktop system + samba server, apache server, database server + other non-opensuse software. In addition some of the opensuse software is not the default 11.1 versions as later versions were required. The nvidia driver is from the nvidia repo. There are several file systems, some under LVM.
The new system will be a core5 760, asus p7p55d-e M/b (p55 chipset), nvidia 240, 3 x sata II HD, 1 x sata dvd, 4GB ram and possibly 1 x ide HD. This M/B also includes USB 3 & sata III. I have no USB 3 devices but this may eventually change. I have no plans for sata III and believe that it may be better to attach any sata III SSD to the sata II bus.
What I would like to do is to move the hard disks from old system to the new system. What I would like to know is, if the system is left at 11.1, is the system likely to work with the new hardware. If the answer is no, if the system was upgraded to 11.3, would the transfer of the hard disks then work? In order to upgrade from 11.1 to 11.3 using the DVD i believe I should get rid of all non-default repos. I assume that I should also get rid of anything that was installed from them, e.g. the nvidia driver and any software versions installed manually outside RPM. Also is there any default 11.1 software that should be removed either before or after the upgrade to 11.3
View 4 Replies
View Related
