Debian Installation :: Installer Incorrectly Setting Crypttab For Encrypted Swap?
Oct 29, 2014
Setting up a randomly passworded swap partition in Debian installer with the default settings (aes-xts-plain64 w/ AES-256 key strength) gives the following line in /etc/crypttab:
Code: Select all####_crypt /dev/#### /dev/urandom cipher=aes-xts-plain64,size=256,swap
However according to cryptsetup manpage when using XTS mode the key size must be doubled so in effect the 'size=256' parameter above is actually resulting in AES-128 strength, no? To get 256 bit key length the size option should be set to 512. Quote from cryptsetup manpage:
For XTS mode (a possible future default), use "aes-xts-plain" or better "aes-xts-plain64" as cipher specification and optionally set a key size of 512 bits with the -s option. Key size for XTS mode is twice that for other modes for the same security level.
View 3 Replies
ADVERTISEMENT
Aug 4, 2011
I just installed Debian stable from the standard i386 DVD. When I booted up, I noticed that GRUB showed me that I had the amd64 version of Debian installed. However, I did not download an amd64 DVD, nor do I want that architecture installed on my system (even though my system can support it). The output from "uname -a" (which included both "amd64" and "x86_64") also seem to confirm this. However, I was able to install 32 bit packages and get them to work (gdebi wouldn't even let me do this when I had Ubuntu 32-bit).
View 4 Replies
View Related
Nov 30, 2014
I want to install debian 7.7 to a laptop with encrypted LVM, but some how i can't install inside the LVM a separate /home and swap partition. Graphic Installer says i cannot change anymore after i made a encrypted LVM. When i make the separate partitions before making an LVM, i can encrypt them but i have to enter for every partition my passphrase. How I can create a LVM with /, /home and swap without entering three times my passphrase.
View 7 Replies
View Related
Apr 30, 2016
I installed Debian 8 Jessie with full disk encryption and chose to have everything on the same partition. After install, I notice that my 8GB laptop has a 16GB swap. Is there a way to reduce the swap to 8GB (or maybe 4) whilst not affecting the encryption?
I have a 1TB HDD so space is not an issue but I dislike such waste. The setup used LVM.
View 2 Replies
View Related
Nov 23, 2010
I think I found a bug with the maverick installer. [URL]. The installer is incorrectly reading my partition table I'm afraid it might overwrite data. /dev/sda3 is the target for the install.
/dev/sda1 = 200M = Windows system partition
/dev/sda2 = 239G = Windows install
/dev/sda3 = 50G = Where I want to install Linux
/dev/sda4 = 45G = NTFS storage
At first I had /dev/sda3 as a RAW type. In fact the only way I could create ext4 is via mkfs. I did unmount them before proceeding - mounted just as a reference in the screenshot. fdisk reads the same thing. Fresh install from LiveCD. I only have Wipe entire disk or Advanced in the installer. I don't have the "Install along side another OS" option.
View 9 Replies
View Related
Mar 25, 2010
What formula does the installer use to decide the default sizes of /, swap, and home?
View 2 Replies
View Related
Jun 24, 2010
My setup: Debian Squeeze;4 physical partitions, 3 of those create 1 volume group, 13 logical volumes within that vg; 1 unencrypted(boot); all others encrypted including swap.As stated in the man crypttab:The order of records in crypttab is important because the init scripts sequentially iterate through crypttab doing their thing.
View 2 Replies
View Related
Jul 1, 2010
I read an article earlier that suggested the swap partition is encrypted by default if you select an encrypted /home folder during installation, is that true (for Lucid)? I am suspecting it isn't because my hibernation works, which I believe shouldn't be the case?
View 3 Replies
View Related
Feb 15, 2010
I have installed ubuntu via the alternate installer, activating encrypted home directories, which in turn enabled to have encrypted swap partitions and disabled hibernation (suspend-to-disk). I understand the arguments for having an encrypted swapspace in these cases. However, I'd like to be nevertheless able to hibernate. Now that the system is already set up, I cannot change and completely encrypt my harddisk via LUKS+LVM as it is suggested in numerous places.Instead, I tried the following. I created two swap partitions (sda7 and sda: one being encrypted via cryptsetup, to be used as a 'real' swap (sda7). Another without encryption, which is not listed in /etc/fstab, so that it is not normally used by the system. I have then configured uswsusp in order to use sda8 as a resume partition:
[code]...
I have decided to encrypt the resume image - I don't care entering a password once every time I resume, it just shouldn't be at every boot. And this way, I can have hibernation without the uncomfortable solution of having my decrypted, open files on the disk as clear text. However, as sda8 is not 'mounted' when I want to suspend, I get the following error:
[code]...
When I try to suspend now, it works. The image seems to get correctly written to sda8. However, on reboot, the image does not seem to be detected and the system is not resuming. I end up with a fresh login screen. would be also to unmount sda8 upon resume, is this better done by entering a hook in /etc/pm/sleep.d or can I just continue in the wrapper script above by executing s2disk.unwrapped only by calling it (without 'exec'), and entering a swapoff line behind it?
View 1 Replies
View Related
Feb 21, 2011
i started on the "Installation & Upgrades" Forum. So this is basically a repost. I configured an encrypted swap during the installation process of my kubuntu maverick using the manual install CD. I do not use LVM. This worked fine but I made the mistake of assigning a password to the encrypted swap. I would like to change this in favor for a random key. I tried to change /etc/crypttab in the following way:
[code]...
Now the system still asks for a password for sda7_crypt at startup, but does not recognize the old password. It seems that the swap gets a random key and works fine anyway, so I really want to remove only the question for the PW at boot time. This is not a big issue, but it is annoying. When the system is up I can do swapoff and swapon without problems and no password is needed. Directly after boot swap works:
[code]...
View 1 Replies
View Related
May 28, 2010
I use the follow command to create a encrypted swap:
Code:
bash# echo "cryptswap /dev/sda5 none swap" >> /etc/crypttab
and edit the 'fstab' file :
Code:
/dev/sda6 / ext4 defaults 1 1
/dev/mapper/cryptswap swap swap defaults 0 0
That's work fine, but I found the permission of '/dev/mapper/cryptswap' is like this:
Code:
hello@world:~$ ls -l /dev/mapper/cryptswap
brw-rw-r-- 1 root disk 253, 4 2010-05-28 12:55 /dev/mapper/cryptswap
Other users can read the file '/dev/mapper/cryptswap', does it harm the system's security ?
View 4 Replies
View Related
Feb 23, 2011
I've chosen to encrypt my swap partition while I was installing opensuse 11.3 on my PC.
I want to know how I can change its password(passphrase)?
View 2 Replies
View Related
May 8, 2010
I've set up a Lucid system with software RAID and encryption, with three encrypted partions - swap (/dev/md1), the root filesystem (/dev/md2), and /home (/dev/md3). The unencrypted /boot partition is /dev/md0.
This works well but the passphrase had to be entered three times at bootup. Obviously it would be preferable to enter the passphrase once to unlock the root partition, then have the others unlocked via key files. So I added key files to the swap and home partitions and modified /etc/crypttab to use them:
Code:
md1_crypt UUID=8066adbc-584c-4766-b188-bc2a7b61a2f0 /root/keys/swap-key luks,swap
md2_crypt UUID=bac82294-f3b9-45e4-89ad-407cf8b19b7b none luks
md3_crypt UUID=7d82a0b7-c811-4cc3-9fe7-1961c74b5ff2 /root/keys/home-key luks
The key files are owned by root and have 0400 protection. (The /root/keys
[Code].....
Since the swap partition is no longer referenced in fstab or crypttab, why is there still a bootup password prompt for it? What else needs to be done to stop it?
View 1 Replies
View Related
Jun 16, 2009
I'd like my /home partition to be encrypted. Does this need to be selected during installation (I don't remember seeing an option) or can it be enabled after installation?
How stable is this with ext4 on Fedora 11?
View 7 Replies
View Related
Jul 30, 2010
Installing Debian on a new laptop and read that Debian-Installer (DI) can create an encrypted partition (/home) during installation.However, when I went through installation and started the manual partitioning (standard, non-lvm) , I am unable to locate the encryption option.
View 8 Replies
View Related
Mar 23, 2015
After my NVIDIA card died I decided it was time to buy an AMD card again (R9 270X), but I didn't think AMD drivers were such a pain in Linux as people said. Of course, in some distros anyway. On Arch, for example, there's no official release because Arch's developers would have to hold Xorg in order to make a closed-source driver available, because AMD's pace isn't in pair with Linux. So in order to install AMD's drivers on Arch I must rely on some guy's unnoficial repositories, but that isn't the whole problem. Even though I'm cool with adding repos and downgrading Xorg, I'm not cool with it not working for a lot of apps, so that's where I decided to try a few distros. Manjaro is a no-go because it installs Flash as default. openSUSE although is a very good distro, is a complete mess when it comes to repositories, specially multimedia ones. Ubuntu/Mint are also a no-go, Ubuntu because after 12.04 they have a spyware by default, and Mint because it contains non-free stuff by default.
So here I come! I ran Debian in the past for a long time (aside from a breaf period last year) and it was lovely, I could easily set up a custom encrypted install, but now I don't remember how to, and it's killing me. I don't like how the installer doesn't show the partitions size as they actually are, and I don't like how the automated encrypted LVM setup doesn't let me chose the encryption algorithm or the timeframe between each passphrase attempt. That's why I must create my install, and here's what I used to do on Arch (the part that really matters), converted to what I use on Debian:
Code: Select all# modprobe dm-mod
(create one 1GB partition for /boot, unencrypted ; create another big 930 GB formatted as "8e" - LVM - on dev/sda2)
Code: Select all# fdisk /dev/sda
(chose my ciphers and iter time)
Code: Select all# cryptsetup -c twofish-xts-plain64 -y-s 512 --iter-time 5000 luksFormat /dev/sda2
(open the luks container on "sda2_crypt")
[Code].....
After this is done, I go to the "partition disks" page where I select each partition/volume to it's correct destination. I then proceed to installing the base system, configuring apt, and all that. Now, before I install Grub I used to execute the following commands on shell:
Code: Select allĀ # nano /etc/crypttab
I used to put something there, but I don't remember what exactly. It's been a long time since I used Debian for long! But here's what I put there:
Code: Select allsda2_crypt /dev/mapper/sda2_crypt none luks
Then I procceeded to instal syslinux (I REALLY don't like GRUB)
Code: Select all# chroot /target
# apt-get install syslinux
But I get the following error:
E: cannot write log (Is /dev/pts mounted?) - posix_openpt (2: No such file or directory).
View 6 Replies
View Related
May 16, 2011
I installed an old version on accident, I used an encrypted LVM. When I removed the old debian and started the installation of the new version, the encrypted partition could not be used to install, and the drive itself was creating an error message when I tried to mount the installation there. This is probably a vague explanation of what is happening, but does anyone know how to remove these encrypted LVM partitions?
View 2 Replies
View Related
Jul 5, 2015
I've installed Ubuntu lots of times on my UEFI computer without any troubles. The last few days, I've been trying to install Debian Jessie on my computer. I do the steps bellow:
- Download the corresponding iso (amd64).
- Create a UEFI bootable USB drive with Rufus.
- With Safe boot, Fast boot and CSM disabled, I boot to the USB drive.
I expect to see something like this:
But what I get is this:
I'm using an Asus PC. GL550JK. The UEFI version is 205 (from Asus Support website).
Things I've tried:
- Booting with CSM on => Same behaviour. It's not my intention to install debian with CSM on, though.
- Using Wheezy instead of Jessi => Same behaviour.
View 5 Replies
View Related
Mar 6, 2010
I tried to boot the net installer (debian-504-amd64-netinst.iso) from a flash drive (installed with dd). When I tried to boot that, my BIOS skipped the flash drive, which I had set the flash drive as the first boot device. So, I put it on a CDRW, and got the same result. I also tried the offline installer (debian-504-amd64-CD-1.iso) using both of those methods, with the same results. I verified the MD5SUM of this download. I am installing on a computer with a 64 bit Pentium 4 Prescott, if it matters. I have no other working OS on the computer. What other options do I have? Or am I doing something wrong?
View 8 Replies
View Related
May 11, 2011
I'm having a problem with my debian installation; I am using the debian testing / wheezy weekly build CD, and despite using the full 650MB CD, and checking the CD to see that X, gnome, etc is all on there, it seems to insist on just downloading every single package from the internet - the CD doesn't even spin up during the 'select and install software' stage
This wouldn't be that much of a problem, except whenever I choose to use the graphical environment, it downloads all the packages, installs half and then says 'an installation step failed'!. And as it has to download the full set of packages from the net (rather than the CD) it gets a bit tiresome waiting 2+ hours for all the packages to download (I have fast internet, but the debian server doesn't feed data that fast).
And, the reason I am installing the graphical environment is that, although the installer recognises the network card, once you boot into the freshly installed system, it doesn't recognise the network card at all, and trying to bring it up just says 'eth0 not ready'!. So I want to get the graphical environment to make wireless easier to install, since the drivers for that are present, but wpa_supplicant isn't!
I'm tempted to just go and get Linux Mint Debian Edition... but I should be able to at least *install* Debian? (on a side note, I can't see what I'm doing wrong, since you can't really go wrong with the installer - it just seems to fail itself each time!).
how to make the installation faster by getting the installer to use the CD full of packages that I downloaded, rather than downloading the from the net each time, and also how to (1) find out *what* happened (the expert mode just says a step failed and that is it), and (2) to either get round it at the time, or prevent it happening somehow?. I installed Debian in 2007 on another laptop and that worked, but I then moved to Ubuntu as I wanted some newer software...... Ubuntu has been great until 11.04 which seems so full of bugs it isn't funny, so it is time to go back to Debian, if only I could get it installed!
View 6 Replies
View Related
Aug 29, 2015
I am having trouble getting the ethernet to connect my pc to the lan.
now what i have done is install wheezzy jessie to a hdd on a ibm think pad i5 processor and hot swapped it to this pc with a pentium 4 which i am setting up as a raid server.
I have followed the debian manual to the letter with regards to editing the /etc/network/interfaces file but still it wont connect.
could it be a driver issue? the fact i hot swapped the drives from totally different systems?
View 3 Replies
View Related
Oct 31, 2010
I am currently running 32 bit ubuntu in my PC with 2.5 GB RAM, Intel Pentium Dual Core inside. I am coming to debian soon. I will be installing 64 bit squeeze. Now I have 3 GB of swap space. I do satellite image processing. Therefore what is the recommended swap space for me with the kind of work I do. RAM is in very small amount but as of now I have to stay with it.
Also I am interested to know would KDE be an overkill for my machine. Will I run short of memory when I start image processing?
View 5 Replies
View Related
Aug 1, 2010
I'm in the process of setting up my very first ubuntu server.
Using 10.04 and has 2gb ram
I am using Ubuntu's software raid (mdadm)
It will be a file server, with 4 hard drives (3 in RAID5 and 1 as a spare)
All 4 drives have 2 partitions:
Partition 1 - 100mb
Partition 2 - The remaining drive space
I setup the first 3 drives' partition 1's to be RAID1 with the 4th drive's partition 1 as a spare. This is where I'm mounting "/boot" (it's my understanding that /boot cannot be on a RAID5). I setup the first 3 drives' partition 2's to be RAID5 with the 4th drive's partition 2 as a spare. This its where I'm mounting. I believe so far I'm setup correctly to be able to deal with a drive failure and the system should operate just fine. What I don't know what to do is with the /swap. I want to retain the ability to be able to operate with a drive going down. But I have also read warnings about putting /swap on a raid. How would you setup /swap?
View 6 Replies
View Related
Nov 25, 2010
How can I add more space to my drive since I only have 1gb of ram and plenty of hard drive space? Right now it does not seem to be utilizing the swap space very efficiently.
View 9 Replies
View Related
Mar 9, 2011
I used testdisk to undelete some files and in the process accidentally moved my partitions around (swap file was sda5 now it's sda3). Now I am getting the "no swap%" error from Conky. This is in Conky, I've already checked the UUID's with my partitions and fstab file.
# Conky settings #
background no
update_interval 1
cpu_avg_samples 2
[Code].....
View 9 Replies
View Related
Nov 14, 2010
I've installed a Squeeze-based distro - Crunchbang - with an encrypted root partition (no LVM), and it won't boot.
Here's what I get: Loading initial ramdisk. Loading, Gave up waiting for root device ALERT! /dev/mapper/hda5_crypt does not exist. Dropping to a shell!
Here's my partition table:
hda1 - Windows (Truecrypted)
hda2 - GRUB2
hda5 - /
hda6 - unused swap
[Code]...
What should I look for? Where do I go from the initramfs shell? Do I chroot? What then? This might be a Crunchbang issue (although others blame LVM which I didn't use, and it's the original Debian installer after all), but there's gotta be a reason it doesn't boot
View 1 Replies
View Related
Dec 12, 2010
I am having a problem setting up an encrypted home directory with openSUSE 11.3. I used Yast User and Group Management to edit an existing user to encrypt the home directory and the user.key and user.img files were created in the /home directory. I tried it out and logged in as user and created a new file. I logged out and logged in as a different user and was able to see the newly created file in the first users home directory.
I figured I did something wrong so I went back to Yast and deleted the user. I deleted the /home/user directory using file manager su mode. I tried again to create a new user with an encrypted home directory using Yast and now when Yast tries to write the changes I get an error: "pam_mount is already setup for user. Use --replace to replace the
existing entry." I do not know how to proceed from here except to try with a different user name as I do not understand what the error message means and what command to use --replace with.
View 1 Replies
View Related
Oct 28, 2014
I wrote the hybrid DVD image for DI b2 (Jessie) on the USB drive and booted from it (UEFI mode). But I don't see KDE there in the advanced options. Was it removed from the image, or desktop environment selection is moved to some late stage now?
View 2 Replies
View Related
May 20, 2015
I'm trying to install jessie on a new computer, but the installer does not see the hard drives. I copied the DVD-1 iso to a usb stick with dd (also tried the netinstall) and it boots, but when I get to partitioning, it only sees the usb drive. If I go to another virtual console and run dmesg or fdisk -l, all drives are seen correctly.
Back up a little - at first I tried the on-board raid, but when the installer couldn't see the drives, I went back into the bios and reset the sata mode to ahci. I've got it set to use bios/legacy OS, or whatever it's called, fast boot is disabled. Even if only one drive is connected, the debian installer does not see it. Then I read up on the fake raid I was trying to use and decided to go with software raid. Can't do that if there's no hard drives listed in the partitioner.
My own installer (refractainstaller) does work, and I've installed jessie with it a couple of times onto one drive, but I really wanted to use raid and lvm, and my installer doesn't do either of those things. No optical drive, but if that's the only way to install, I'll pull the one from my current box and use it for the install. I think I still have a blank CD or DVD lying around.
Hardware:
ASUS H97-PLUS LGA 1150
Intel core i3 (the cheapest one at newegg)
WD Black 1TB drives (2)
GSkill cheap memory, which already passed a memtest.
View 4 Replies
View Related
Feb 6, 2011
I'm trying to install stable Squeeze from HD "!! Scan hard drives for an installer ISO image. The quick scan for installer ISO images, which look only in common places, did not find an installer ISO image, but it may take a long time. Do full search for installer iSO image? [YEs} No kernel modules were found. This probably is due to a mismatch between the kernel Version available in the archive If you're installing from a mirror, you can work around this problem by choosing to install a different version of Debian. The install will probably fail to work if you continue without kernel modules"
[Code]....
View 1 Replies
View Related
