Debian :: Make System Ask Password For Encrypted Partitions Only Once Not For Each Of Them?
May 29, 2011
I have installed Debian 6 on two of my laptops. During installation I chose to encrypt my partitions (swap, root and home). Now I find it annoying that during boot up I'm asked for the password for each of these partitions separately. I have given the same password for all three of them. How can I make the system ask for the password only once? I know it can be done because on Fedora it was like that before.
I just installed CentOS 5.4 (x86_64) and I encrypted my /home /var /tmp and /mnt/Storage partitions, along with my swap partition. My only complaint is that when I boot, I have to enter my password 4 times, and I did not pick a short password. The password is the same for all 4 partitions. Is there any way I can set things up so I can just type my password once? Once I get everything set up, I won't be booting that often, but right now it is a PIA.
I'm currently using an older version of ubuntu (Karmic) and want to finally update. Is there a way for me to get ubuntu to ask for a password before mounting a partition like Karmic did? I've been looking for a way to solve this problem, but I haven't been able to find any solutions. I know a lot of people found it annoying but I rather liked it.
I installed 4 encrypted partitions (/, /var, /tmp, and swap) that are mounted at boot using the Alternate Installation Disc, and they all have the same password, but I have to type that password in 4 times when booting up. How do I make it so I only need to type in my password once?
I just upgraded from F14 to F15 and have a problem with entering the password for the encrypted FS: when booting with the latest entry in the bootloader:
I'm running Debian Squeeze AMD64 with full disk encryption and LVM. After reinstalling Windows 7 I lost GRUB from the MBR. I managed to install GRUB after following this guide and using an Ubuntu 10.04 graphical installation disc, but I only get to a GRUB CLI when booting, so I can't actually choose an OS there.
I tried following this guide but I'm stuck after "# Mount the partitions to /mnt/root" and don't know what to do.
Does anyone know how I can fix GRUB so I get to choose between Debian and Windows 7 there?
I followed this tutorial to encrypt my entire installation: SDB:Encrypted root file system - openSUSE
It worked splendidly and whoever wrote it should get a lifetime supply of beer. After I got the install encrypted I made a RAID 1 array of 2 1GB disks and encrypted that as well. They are used for a data repository.
Want to make a 1gb volume on dev/sdb usb memory stick. Wrote
Code:
sudo tcplay --create --device=/dev/sdb --pbkdf-prf=SHA512 --cipher=TWOFISH-256-XTS,AES-256-XTS
Command has to be sudo? Got
Code:
Passphrase:
Repeat passphrase:
Summary of actions:
 - Completely erase *EVERYTHING* on /dev/sdb
 - Create volume on /dev/sdb

Are you sure you want to proceed? (y/n)
I do not want the usb stick to be erased. What do I do, to not erase the usb stick? If you create a volume on the system hdd, it should not erase the system.
I have a system which I installed on USB flash (doesn't matter why). The system has 3 partitions: "boot", "/" and "swap". "Swap" and "/" are encrypted by LUKS. "Swap" is encrypted by random key, "/" - by passphrase.
I created this system only to make a liveDVD from it (not liveUSB).
To achieve this goal I installed a program called "Systemback" (fork of Remastersys).
So I pushed the button 'Create live system' (or Live system create, don't remember exactly) and configured it to automatically convert .*sblive to .*iso
The program did its work and I burned the image to DVD.
But when I launch it I have this:
The last picture is from when I tried to start the liveDVD with LVM2 installed. No difference except one message.
I went to freenode and asked some questions. Somebody told me that maybe the problem is in LVM. But LVM was already installed, so I installed LVM2. No result.
How can I make the system that is encrypted by LUKS work from DVD? And is it really possible? Maybe Systemback doesn't support a feature to make a live image of an encrypted system?
The system is Debian 8.1.0
I did the same with a non-encrypted system - the result is successful, the liveDVD works.
sda is what I currently run to write this text, sdb is my former harddrive, connected via USB.
I want to access the root partition on sdb.
The problem is:
Code:
cryptsetup luksOpen /dev/sdb5 oldhd
Enter passphrase for /dev/sdb5:
root@x200s:/home/b# ls /dev/mapper/
control  oldhd  sda5_crypt  x200s--vg-root  x200s--vg-swap_1
root@x200s:/home/b# mount /dev/mapper/oldhd /mnt/
mount: unknown filesystem type 'LVM2_member'
[Code] ..
Before all this, both sda and sdb were in the same volume group. I renamed the volume group of sdb to "oldDisk" using
Code:
vgrename <UUID> oldDisk
How can I access the data on the root filesystem of my sdb?
I want to move my old system to a new drive. Currently I have Debian installed with following configuration:
I have an encrypted system where everything is encrypted except /boot. Currently I've /boot and / installed on a 16 GB mSATA SSD and /home on a regular HDD. I've got a 500GB SSD for Christmas and want to move the whole system to the new SSD.
I just wanted to ask if I've got the process required to do this down:
1. backup root-directory (/) without /boot and /home using tar keeping file-permissions and owners to ext. hard drive
2. backup /boot and /home separately using the same method
2. replace HDD with SSD, remove mSATA SSD.
3. boot via live-usb
4. create appropriate volume groups, partitions, setup encryption etc.
5. extract backups to appropriate partitions
6. chroot to old /.
7. edit fstab
8. reinstall grub
9. create new init ram img.
I'm pretty sure I've got steps 1.-6. down but I'm very shaky on what to do next.
works perfect, but boot time persistence works only for unencrypted storage. 'Cause I can not append the boot-log as file the most important part here:
The most confusing line is "Warning: cryptsetup is unavailable" - I took a look into the scripts, it checks if cryptsetup and askpass is executable if not this message. But:
I mounted the hdd-img file local and took a look: all binaries there.
So I tried a lot getting it working on boot time. I tried it with live-tools from testing, from wheezy and last but not least installed and pinned live-tools to unstable. Always the same. askpass isn't executable on boot time before mounting the persistence.
and yes, cryptsetup is inside package-list (otherwise live-persistence from within running machine with crypted partitions would not work). Live tools I used for last run is 4.0.3-1 from unstable, before tried with 4.0.2-1 from testing.
I'm a long time user of Debian, but I'm having trouble with my partitioning process. Here is where I currently stand:
I am installing the latest Wheezy build. I am trying to install debian with an encrypted LVM that spans two hard disks.
My partitioning layout is as:
1. /home
2. /root
3. swap
4. /boot
I then added partitions 1, 2 and 3 to a physical volume group. I then took that physical volume group and added it to a logical volume. Then I encrypted the logical volume, leaving the /boot partition untouched. I was under the assumption that the only partition the system needed free to reach the loading of the LVM is the /boot partition, as it holds the files necessary for booting. But when I attempt to finalize the disk, it gives an error stating, "No root file system detected". That would be an issue as it is currently sitting inside the encrypted LV. Am I wrong in including the root partition in the encrypted LV?
What is the best way of having as little of my file system non-encrypted as possible while still allowing a proper boot?
I've created some encrypted partitions using Disk Utility, and would like them to be automatically mounted when Ubuntu starts up. Is there a guide to this anywhere?
I've gathered that it involves /etc/crypttab and possibly /etc/init.d/cryptdisks, but haven't had much success so far.
Ideally, some of the partitions would mount early in the boot process, while some of them can mount after I've logged in.
Does grub2 support booting off of encrypted partitions? I'd like to have an encrypted linux system, but only have space for one partition or logical group in my mbr. Or can I include that one /boot partition in the lvm group.
I just updated a system to Fedora 12. It has the same partition setup as the previous Fedora 11, but now when booting it pauses with a padlock icon next to a text entry box. I'm assuming it's trying to get my password to mount the encrypted partitions I have on the drive.
However, most of the time when I'm using that computer, I don't want those partitions mounted, and I would prefer to do a luksOpen/mount manually during those times I need the data thereon. Is there a way to get plymouth to ignore those encrypted partitions while it's booting, so that bootup doesn't pause for user input? I have an empty /etc/crypttab and the partitions in question are not in /etc/fstab. For anyone who's looking at this, pass "rd_NO_LUKS" on the command line to disable the initrd from looking for encrypted partitions to try to mount.
I have an encrypted partition which shows up in Dolphin file browser. But as a non-root user, I cannot unlock and mount it. A message in Dolphin comes up saying that a policy prohibits this. As root, this unlocking of the encrypted partition goes normally. I cannot find the setting to change in KDE perhaps;
I can see from /var/log/messages error messages and weird crashes that the disk in my laptop is on the way out. I plan to replace it but to do this I'd rather not have to install everything again. My laptop has these partitions:
Windows Recovery (10GB)
Windows 7 (NTFS 96.6GB)
Linux /boot (ext4 100MB)
Linux LVM (encrypted, 143GB)
I need software that will allow me to create an image (or images) of all these partitions, save the image(s) to a USB hard drive and restore from those images once I've put the new, blank, hard drive into the laptop. Does anyone know of software (either open source or commercial pay-ware) or a technique to do this?
Is there a way to mount encrypted partitions as a normal user and not as root so that I may copy files into it using the file manager itself? Even in the case of normal partitions other than /home, I can't seem to add any data in them. The mount points I used are separate directories within the /home partition. Also, is there a way to create partitions in such a way that they can be accessed just as how Windows partitions are accessed in Linux?
I have implemented a web application on Linux that I want to deploy and sell to customers. I want to sell ready systems including the hardware. The application is written in PHP/MySQL. What I am searching to achieve is :
1) Find a way so that filesystem and partitions to be encrypted but without the need to insert some code when rebooting. So that if someone gets out the hard disks and attach to another system, cannot have any access to my files or settings. And of course when rebooting (e.g. after a power failure) encryption to be applied automatically.
2) I know that there are ways to bypass root password on a Linux system. Can all these ways be unassigned ? I want the only way to have access to system, to be by using the root password and nothing else.
I have thought of using a virtual server instead of a physical one (like deploying a virtualbox server) but still would like this to be the most secure possible including not only remote but also local access to system.
My home server runs Debian Lenny, and I'm about to upgrade the system drive to a larger drive. In the process, I want to take the opportunity to reorganize the partitions and resize them. For learning purposes, I'm planning to migrate from an MBR partition table to GPT. Because of those two changes, I can't just run "dd if=/old/drive of=/new/drive" (well, not without lots more work afterwards). I could use the debootstrap process to get a fresh installation on the new system drive, but I used that technique during the last system upgrade and it's probably overkill for this. Can I just copy the partitions from the old drive to the new? Will "dd if=/dev/hda1 of=/dev/hdb2" work, assuming /dev/hdb2 is larger than /dev/hda1? (If so, the filesystem can be resized to take advantage of the new larger partition, right?) Would parted (or gparted) be a better tool for copying the contents of the partitions?
I'm trying to work on the SmashTheStack wargame on Ubuntu, and I'm stuck at level 1 with using John the Ripper (JTR). I got the encrypted password and was able to run JTR on it using
Code:
but the output is
Code:
I'm pretty sure that the 'trying:' part is supposed to be the attempted passwords, but this one doesn't work, and this is the only one that gets output. When I run
Code:
I get
Code:
Which I'm guessing means that nothing happened.. what am I doing wrong, and how can I get it to work?
Didn't know where to post this as it doesn't really fall under desktop or installations haha. Anyway, I have a bit of a problem. I've installed Ubuntu 10.04 with an encrypted LVM password and it went on ok. When booting up the computer it comes to the screen where you enter your password to unlock the LVM which looks great. However after installing the NVidia graphics driver for the laptop and rebooting, the LVM password entry screen seems to be too big to fit on the screen, not looking very good....
So in an environment where I have 40+ sets of completely unique sets of logon credentials. The only way I've been able to manage this is by keeping them in a hidden and heavily encrypted text file in my home dir. Would like to hear alternatives to this approach if there are any, BTW. Right now I have a script that automates the process of un-encrypting the file, launching an editor and then clean-up with shred -u after editing and re-encrypting.
What bugs me is the interim where I have the file in an un-encrypted state on my drive. It doesn't seem necessary. I have a view script that allows me to see what's in the file without saving it to the drive.
I have F10 installed on my laptop with disk encryption enabled. When I boot the machine I get a "Password:" request on screen but can't start typing for 30 seconds or more. Presumably the OS is not ready. This means I have to wait at the keyboard tapping a key until I see asterisks. It's a waste of time and frankly a bit clunky for a modern OS. How can I change the behaviour so that the "Password:" request only appears when I can actually type?
There was a recent thread in this forum regarding capturing of SSH passwords via the use of wireshark. The thread subject was closed, which is a decision that I both agree with as well as agree with the reasoning behind. The thread, however, raised a point of curiosity and concern that I would like to ask about. Quoting from the book, SSH, The Definitive Guide,
The client authenticates you to the remote computer's SSH server using an encrypted connection, meaning that your username and password are encrypted before they leave the local machine. The SSH server then logs you in, and your entire login session is encrypted as it travels between client and server. Because the encryption is transparent, you won't notice any differences between telnet and the telnet-like SSH client.
I was under the impression that SSH was impervious to this type of eavesdropping, and quite frankly I take great comfort in that idea. I personally, only allow RSA keys for SSH access and (hopefully) avoid this problem (?) as a result. Does SSH really have a vulnerability in that the authentication is sent via plain text? How to ensure the security of SSH and not on anything that could be considered a how to 'crack' it.
I've set up a Lucid system with software RAID and encryption, with three encrypted partitions - swap (/dev/md1), the root filesystem (/dev/md2), and /home (/dev/md3). The unencrypted /boot partition is /dev/md0.
This works well but the passphrase had to be entered three times at bootup. Obviously it would be preferable to enter the passphrase once to unlock the root partition, then have the others unlocked via key files. So I added key files to the swap and home partitions and modified /etc/crypttab to use them:
Code:
md1_crypt UUID=8066adbc-584c-4766-b188-bc2a7b61a2f0 /root/keys/swap-key luks,swap
md2_crypt UUID=bac82294-f3b9-45e4-89ad-407cf8b19b7b none luks
md3_crypt UUID=7d82a0b7-c811-4cc3-9fe7-1961c74b5ff2 /root/keys/home-key luks
The key files are owned by root and have 0400 protection. (The /root/keys
[Code].....
Since the swap partition is no longer referenced in fstab or crypttab, why is there still a bootup password prompt for it? What else needs to be done to stop it?
I want to have /boot as an ext2 (I don't need journaling and I might want to undelete something) and all other partitions in an LVM. When the server starts it will prompt me for the LVM password. I would like to be able to contact the server using SSH (or using another secure method) and tell the password. Since /usr/sbin and all the other partitions are inside the LVM I guess I have a problem?
Is it possible to set up something like this? The SSH session for the LVM authentication does not have to be a daemon. It can be something which just sits and waits until I connect and input the password. And then the "real" SSH daemon kicks in.
I installed 10.10nbr on my wife's eee 901. Now she cannot remember her password. I've tried booting to recovery to use the passwd command, but that does not work. I believe I encrypted the home folder when I installed. Normally if I don't encrypt home, then I enable auto-login.