Ubuntu Installation :: 9.10 - Record Your Encryption Passphrase
Feb 7, 2010
I installed ubuntu 9.10 to a fresh partition on a HD that already contains a windows xp. During the install I opted to Require my password to login and to decrypt my home folder, (don't ask why, I regret it already). The install went well, I think, but when it came to reboot time I wanted to check that I could start windows xp from the new grub boot loader. Windows started fine so I rebooted again to try my new install of ubuntu. Now the system seems to get stuck at the little spinning wheel icon. I tried to boot to recovery shell but after entering my name and password I get:
Unable to cd to '/home/myname'
I rebooted using live cd. And mounted the file system as root. Now I have chroot ed into the system but that's as far as my knowledge gets me. I have googled to find the next step but am not finding a clear answer. I have found this [URL]. And here I see I should have seen a screen entitled: Record your encryption passphrase. But I didn't get to that screen. So is there any elegant solution? or am I destined to wipe the install and start again? Perhaps this problem is connected to the bug mentioned here [URL]. Optional encrypted partitions must be marked bootwait in /etc/fstab
In addition to the above, users who have configured any encrypted partitions in /etc/crypttab to start at boot time (i.e., not using the noauto option) should make sure that the filesystems on these volumes are listed in /etc/fstab if they are not mounted at a standard system mountpoint. Failure to do this on a desktop system will lead to problems from the X server and cryptsetup trying to control the console at the same time. At best, this will prevent the user from seeing the passphrase prompt; at worst it will also cause the X server to spin and consume 100% CPU. (430496)
I'm not sure, my /home is not on a separate partition.
/etc/crypttab is empty
# <target name> <source device> <key file> <options>
/etc/fstab is
# /etc/fstab: static file system information.
# Use 'blkid -o value -s UUID' to print the universally unique identifier
# for a device; this may be used with UUID= as a more robust way to name
# devices that works even if disks are added and removed. See fstab(5).
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
# / was on /dev/sda2 during installation
UUID=8e5f54dd-8d79-44da-9ddf-7f4e3bce2a64 / ext3 errors=remount-ro 0 1
# swap was on /dev/sda3 during installation
UUID=32bcb9fc-ff2b-4e37-a259-1bfabee7cee7 none swap sw 0 0
/dev/scd0 /media/cdrom0 udf,iso9660 user,noauto,exec,utf8 0 0
View 1 Replies
ADVERTISEMENT
Jan 4, 2011
Ubuntu's request for an encryption passphrase on installation could be greatly improved.
After installation, if the option to encrypt the home folder has been checked, Ubuntu prompts: "Record your encryption passphrase".
On running the action there are the following problems:
# When you type a passphrase, your keypresses are not indicated on the screen
# If you make a mistake typing the passphrase, and backspace, there is no way of knowing whether the backspace operation has worked
# The passphrase is typed once and the operation ends. There is no attempt to validate the correct entry of the passphrase by asking for it to be typed twice.
The combination of these shortfalls can be fatal. My last recorded encryption passphrase proved to be incorrect when after a critical failure I was required to enter my encryption passphrase to retrieve my data. It had not been backed up for a while. Ubuntu did not recognise my passphrase. Only after some dogged support from Canonical was the problem resolved.
I've just done a fresh install. I have butter fingers. I inevitably fumbled over the entry of my encryption passphrase. I have absolutely no way of verifying the passphrase I just set. Should Ubuntu ditch another critical failure on me, what do you think the chances are that my passphrase will work?
View 1 Replies
View Related
Sep 5, 2010
i have installed a ubuntu 10.04 (mini iso) w/ option of root encryption. Now i need to boot without ask for passphrase, but im trying to add a luks keyfile without success.i want to use a keyfile in the /boot partition or inside the initrd (cant be in external pendrive), but ubuntu aparently dont accept a keyfile in /boot or initrd file. I know, this way isnt very security, but i just need a basic encryption.So, how to force the use of a keyfile in /boot or inside the initrd for a crypt root partition?
View 5 Replies
View Related
Jul 28, 2009
I have currently a file server that runs on Fedora 9, and all other PCs (mostly running Windows XP) access the file server via SAMBA. Everything works perfectly! However, lately a home invasion in my neighborhood got me thinking. If they take my file server, my data is not protected. So, I would like to implement the LUKS partition encryption (/home) which sits on a separate disk. However, I don't quite like the decryption process at boot time. In other words, I would like to wake up the file server (WOL) remotely, and when it's done booting, I would like to log-in using the other PCs and enter the passphrase remotely to decrypt /home. Is this possible using LUKS encryption (i.e., cryptsetup)? If not, what would be another alternative to what I am trying to do using a secure encryption (so that the data is safe from thieves)?
View 4 Replies
View Related
May 31, 2010
I just upgraded to Fedora 13, with emacs 23.1. Now when I edit a .gpg (encrypted) file, emacs doesn't cache the passphrase, so when I save the file emacs demands that I repeat the passphrase twice.Previously, the following line in .emacs made it cache the passphrase:
Code:
(setq epa-file-cache-passphrase-for-symmetric-encryption t) This is supposed to work, according to the documentation [URL], but in Fedora 13 emacs it seems to have stopped working.
View 1 Replies
View Related
Jul 2, 2010
I got a little problem upgrading my ubuntu-nas with some storage.I wanted to add a new harddrive to my lvm but I stuck before getting to this point.I want my harddisc to be encrypted before adding it to the lvm.I tried the following:
Code:
# sudo cryptsetup luksFormat /dev/sdb1 -y
WARNING!
========
This will overwrite data on /dev/sdb1 irrevocably.
Are you sure? (Type uppercase yes): yes
... and nothing happens. dmsetup ls returns nothing.
View 1 Replies
View Related
Sep 17, 2015
I recently started installing Debian and I want to download and install a GUI in it. For that I could use my university Wi-Fi connection. I was told that it's a WPA2 secured connection. But when I tried to configure it, it keeps asking me for a "passphrase". I don't have a passphrase! All I have is my username and password for the Wi-Fi. What should I enter as my passphrase ? I tried both username and password and neither of them worked.
View 4 Replies
View Related
Mar 24, 2011
I just installed debian-6.0.1a-i386-netinst yesterday on my Dell Dimension 4100. I have a serial keyboard and mouse, which both worked fine during the install and the keyboard allowed me to enter the correct passphrase. After I enter the passphrase the PC continues to boot up, and it gets to a black screen with small fuzzy/distorted "DELL" logo's on the top part of the screen going from left to right.
What is wrong with my PC? What can I do to troubleshoot this?
I really would like to get debian up and running on this desktop
View 5 Replies
View Related
Jun 1, 2010
I just tried to install with Ubuntu 10.04 AMD64 Alternate on RAID1 and Encryption but after reboot the screen just stays black.
my system is a AMD Athlon 64 X2 Dual Core 4200+ on a Abit AN-M2HD Motherboard, and 2 HDs each 250.1 GB
i split the HD into
* 50GB for /
* 200GB for /home
* 1GB for swap
all get a RAID1
/home is encrypted with passphrase (Twofish 256, cbc-essiv:sha256)
swap is encrypted with random (Blowfish 128, cbc-essiv:sha256)
where can i check RAID and hardware compatibility?
View 9 Replies
View Related
Jul 21, 2010
I'm a relative newby to Linux so forgive me if this is a simple question. I know that if you install Ubuntu using the alternate CD, you can create a whole disk encrypted installation, but what about after a normal installation? What is the best procedure to use to get more than just the home folder encryted? Installation of Fedora 13 gives the option during a normal install to encrypt more than just the home folder. I really only want to encrypt my Ubuntu partition. I have a laptop with a multi-boot setup with Windows 7, Fedora 13 and Ubuntu 10.04 all residing in their own partition. Because of this setup I really can't use whole disk encryption. I use Truecrypt on my Windows 7 partition and it works great but encryption of a Linux system partition is not supported.
View 4 Replies
View Related
Jan 29, 2011
I managed to get a cheap refurbed netbook recently (Samsung N150) and I'm wanting to put Ubuntu on it. As it's also likely to be used when travelling and have things like chat logs, photos, and other such things I'd like to do full disk encryption. Also I've been pointed towards 10.4 as apparently the 10.10 netbook desktop isn't to everyone's taste.
So I tried using unetbootin to make a bootable 10.4.1 i386 Alternate usb stick, which hit the problem of no cd drive. I found an item to add to the boot (cdrom-detect/try-usb=true) which got it a little further, but at a copying stage it threw an error saying it couldn't copy off the disc.
Finally I tried making a unetbootin of the mini iso (does mini even support full disk encryption?) but that seems to hang after selecting a mirror.
EDIT: Well it seems I was just impatient on the mini ISO and after a few minutes it's gone onto time-zone, though of course this could get rather tiresome without a local mirror, especially given this may go through more than one iteration.
View 1 Replies
View Related
Feb 13, 2010
I've been wanting to do this for a while and after upgrading some of my pc components I decided I would finally try to dual boot with full disk encryption on both windows 7 and Ubuntu 9.10. I managed to encrypt the windows drive with truecrypt and that worked. I installed Ubuntu 9.10 using the alternate cd and everything but /boot is in an encrypted LVM. Each OS is on a separate SATA drive the windows is on sda1 and ubuntu /boot is sdb1.
To setup the dual boot I started out following the tutorial [url] but its for XP and versions of ubuntu that use grub not grub 2. I ran dd as posted and saved the files it produced from truecrypt. I then ran into some problems with grub reinstallation so I simply reinstalled Ubuntu 9.10 from scratch again. This put grub 2 on the computer. I've managed to get it to add a Windows 7 option.
However, when the option is selected truecrypt comes up and says that the bootloader is corrupted and that I need to use the repair CD I burned before I encrypted the drive. My question is does anyone have any experience dual booting using Truecrypt on Windows 7 and LUKS/dm-crypt on Ubuntu 9.10 with grub 2? And how would I get the boot menu to work? I'd rather not reinstall but if I have to I have images from right before I encrypted so it wouldn't be the end of the world.
View 4 Replies
View Related
Mar 28, 2011
To structure the layout of my partitions. I'm installing Windows 7, Backtrack 4 R2 and Ubuntu 10.10 Desktop on my laptop. I've got a 500 GB HDD named sda.
I've already installed Windows 7. It's my opinion that it's easiest to begin with Windows.
The partitions look like this right now:
The Windows installation is unencrypted and I want it to stay that way. It's only there in case my laptop gets stolen, I've installed various nasty things there.
The Backtrack 4 installation will also be given 100 GB space, I want it to be encrypted. The Ubuntu installation should get the rest of all the remaining space and preferably be encrypted but it's not 100% necessary.
How I should partition this? There's a limit on 4 primary partitions? How do I circumvent this? There should be one dedicated GRUB partition which will point to each of the installations own boot loaders?
View 8 Replies
View Related
Aug 27, 2015
I have been trying for close to 7 hours now to create a working encrypted bootable usb key for debian now.
I start by running the debian installation dvd (1 of 3. I downloaded and burnt all three ISO's that I found here: [URL] .... (2015-06-06 17:33) to disk), and when I get to the partitioning part, I cannot get an encrypted volume that will hold the root filesystem.
Here is what I have tried:
I have tried the Guided partitioning option to use the entire disk and set up encrypted LVM, to no avail.
I am left with a primary boot partition of 254.8 MB, at ext2 with /boot mountpoint on it, and a logical partition of 15.8 GB, with crypto as it's file system that says it's "not active". This bit here seems to be a running theme as I keep coming back to this set up, (give or take some space arrangement). From what I've read and seen, I should be seeing an Encrypted Volume container similar to LVM, but called an "Encrypted Container" that I can create additional partitions in like / and /home, and what have you.
And I can't "activate" the partition either. I have tried both the Configure Logical Volume Manager, which changed the partition to an LVM partition that dosn't encrypt anything inherently (and I have checked), and I have tried the Configure encrypted volumes option, which leads to the same results basically.
I have tried manually creating the partitions, a 512 MB ext4 /boot partition and then partitioning the rest of the space as "physical volume for encryption" with aes encryption, 256 key size, xts-plain64, Passphrase encryption key, erase data flag, bootable flag off.
Same result, 1 primary boot partition, 1 logical (I later tried making it a primary partition to, with the same results) crypto volume that is "not active".
I also tried setting up the a logical volume manager, which created a container to create additional partitions in which I could encrypt, but it was either a partition dedicated to something (i.e. root (/) or /home, or /swap, etc) or it could be encrypted, but not both. I even tried creating a root partion, and then selecting Configure encrypted volumes, and then selecting the root partition, and here is where I thought I was getting somewhere, because then it comes up giving me all the same options above, but it also specifies mount point under encryption. Which is /, which is what I'm after. So I accept that, and it goes back to being crypto, "not active" and when I check the partition again, the mount point option is gone.
Last thing I tried was going back to having a 512 MB /boot partition, and an encrypted partition set up with Configure encrypted volumes option, and then specifying the encrypted partiton with the Logical Volume Manager as the place to create logical groups and volumes, to little avail. I can create more volumes that are either encrypted, or a useful non encrypted volumes like / (root), /home, /swap, and the like, but not both at the same time.
Following this guide: [URL] ....
This leads me to a useable system, but the system wasn't encrypted. When I booted, I wasn't asked for a passphrase, and I checked the stick with my old linux mint dristro, and I was able to mount the logical volume and look at the contents, /etc, /home, /var by activating the partition in GParted and mounting it.
A number of users seem to mark an encrypted partition as lvm and then create more logical volumes within that that either actually become encrypted, or they don't check. I'm not sure which after my testing.
[URL] .....
I have also read this: [URL] .... and this [URL] .....
I found this which shows the container I believe I should be seeing if I do this right, but I can't get it : [URL] ....
I have also watched movies on youtube about it : [URL] ....
Could the issue be that I'm using a Lexar JumpDrive? 16 GM USB 3.0.
I've gotten debian to run off of it on it's own so I kind of doubt it.
View 2 Replies
View Related
Oct 21, 2015
I would like to configure my Debian Jessie system in this way.
Two partitions:
1) /boot on /dev/sda1
2) everything else on /dev/sda2
I want to encrypt the second partition with LUKS. And then install over it a LVM volume. Inside the LVM volume i will create the / (root), /var, /opt and /home virtual partitions. In this way, i'll get asked only once for the password to decrypt all partitions. Because if i don't use LVM, then i'll get asked for the password for each encrypted partition.
I can follow and understand almost everything of this HOW-TO for Archlinux: [URL] ....
Only two passages are unclear to me:
1) Configuring mkinitcpio
I don't understand what i should do here in order to complete this. What should i do in Debian to configure "mkinitcpio"? what is the equivalent thing to do here?
I thought that the kernel would automatically recompile itself with all installed modules on the Debian system, once cryptosetup/LUKS or LVM2 get installed.
2) Configuring the boot loader
I don't understand what should i write in /etc/default/grub. Will GRUB automatically load the LUKS and LVM2 modules? Also, I don't think that i could boot the system in this way:
cryptdevice=/dev/sda2:LVM root=/dev/mapper/LVM-????
Actually the "root=" volume is the whole volume to mount as LVM. It isn't the final root partition.
View 5 Replies
View Related
Aug 20, 2011
I recently bought a new hard disk for my /home tree. I don't have encrypted home directories currently, but I was wondering if there is an easy way to encrypt my home directory so that it is automatically decrypted when I'm logging in (console/kdm). Basically I would like to manually do same thing as Debian installer would have done.
I'm running Squeeze.
View 2 Replies
View Related
Mar 7, 2009
What should my partitions look like? I want to install this to my hard drive, I'm currently running it from DVD.
My drive is sdb
It has 153.3 GB (157065 MB)
I want to know what format type should the partitions be, and how many megs they should be. Which partitions to encrypt, and which I don't need to.
View 3 Replies
View Related
Mar 28, 2010
I want to upgrade from another distro to ubuntu server for a few reasons. The only problem is I have a lot of data that needs to survive. here is how my computer is setup. I've 5 drives on the computer,
A- 10gb drive for OS and swap only, no data
B,C,D,E - 4x 500 GB drives in a LVM. they make up one large drive with xfs and this volume has about 1.2 TB of data. there is nothing fancy on it, no encryption and no software raid of course the little 10gb drive can be formatted no problem, but the LVM needs to be migrated over intact.
View 5 Replies
View Related
May 15, 2010
I rebooted, and got a new GRUB error:
recordfail=1
if [ -n ${have_grubenv} ]; then save_env recordfail; fi
set quiet=1
insmod ext2
set root=(hd0,2)
search --no-floppy --fs-uuid --set 7b4afbe0-28fe-4403-bd86-c4364bf10f98
linux /boot/vmlinuz-2.6.31-16-generic root=UUID=7b4afbe0-28fe-4403-bd86-c4364bf10f98 ro single
initrd /boot/initrd.img-2.6.31-16-generic
View 8 Replies
View Related
Nov 27, 2010
I think I managed to corrupt my master boot record, or have a very intractable problem with Grub.
I'm not sure how I did this, but my desktop will boot Ubuntu fine from a USB, but every time I try to install it, the install seems to go fine, but when I finish the install and the machine tries to boot the OS from it's hard drive, it does not work. The monitor does not get a signal and it just goes to sleep.
I tried posting here to resolve the problem before, tried everything on this thread: [URL]
But nothing worked.
I have even tried running the system from a USB, running a "shred" command for the hard drive and then reinstalling - my theory was that the shred command would destroy all the data on the hard drive anyway, and allow a "clean" install from whatever was corrupt on it, but no luck - when I installed Ubuntu on the hard drive, same problem.
I'm not clear where the problem lies now, I'm assuming there is something up with it's master boot record, but there are no partitions on it's hard drive and I started with a completely blank, unformatted drive.
View 2 Replies
View Related
Jun 7, 2010
I have a Windows XP/Windows 7 dual boot system. My problem: [URL]. I follow these instructions to the letter, the live "CD" works fine - using a USB stick, I do not have a DVD drive, in- or external -. When I try to install Ubuntu from the live system, it corrupts my master boot record, I get the Error: No Such Device #####################. After I fixed this I tried to install Ubuntu under windows, using the same usb's wubi installer. The install completes, I reboot, and after selecting Ubuntu in my boot menu, I get that likewise well known error with wubildr.mbr [URL]
Rebuilding the USB stick doesn't make any difference, it behaves the same way. The wubi installer has the very annoying habit of downloading the iso during the installation procedure every time, I don't know why I can't just select the iso downloaded in the first step of the above link. This way I cannot check any md5 because I have no idea where it downloads the iso. What should I do to get Ubuntu working? Reinstalling any of my Windows systems is not an option, it is every time like gambling, I am using the same installation files, but sometimes the result is just not the same.
View 2 Replies
View Related
Oct 15, 2009
I need to install a lvm2 group with encryption and have the /boot file stored within. Is this possible in Fedora's graphical installer? I know it can be achieved in Arch(I know I'll need grub2, I assume that's coming in Fedora 12) I can always install it separately.
View 6 Replies
View Related
May 31, 2011
what purpose does it serve to use a passphrase? Once the keys are generated the passphrase isnt used? Or what am I missing??? I did not use a passphrase and understood that there was no security implications of not doing so. Is this correct?
View 6 Replies
View Related
Dec 23, 2010
I am building an active directory and using BIND9 as my DNS. To allow for secure dynamic updates from the domain, I am enabling GSS-TSIG as detailed here and here. Unfortunately, some of the commands and configurations used here seem to be depreciated, at least in the newer versions that I'm using. My issue is one of keytab encryption. I generated a keytab using ktpass.exe on the Windows Server 2008 domain controller. I have tried DES/MD5, AES128/SHA1 and AES256/SHA1, each have been turned down by ktutil on the kerberos server (FreeBSD). Each time, it outputs the following error: ktutil: AES256/SHA1*: encryption type AES256/SHA1* not supported *Respective to encryption used.
I cannot find a list of suitable encryption schemes that ktutil will accept. The FreeBSD handbook details a means of producing a keytab file, but I'm not sure how to configure the Domain Controller to use the keytab.
View 1 Replies
View Related
Mar 21, 2011
I've been using squeeze for a year or two now, on a PC dual booting with windows xp. Not long ago I thought that, as it's now become the stable release version, I'd do a fresh install, which I've been trying to do with the first two dvds. The installation proceeds as expected, up to and including setting grub. However, although grub saysthat it has detected windows xp, and I tell it to set up the dual boot, the computer on reboot goes straight into windows xp, with no on-scrteen option shown for choosing debian.
View 6 Replies
View Related
Sep 2, 2010
I'm trying to add a key to a new slot from a keyfile that I created, but I keep getting an error and I don't know what the problem is.
Code:
root@ubuntu:~# cryptsetup luksAddKey --key-slot 1 /dev/sda5 -d /media/Ubuntu_10_04/etc/cryptkeys/swap.key
No key available with this passphrase.
content of swap.key
Code:
nBPeNCr_PS-yEv5SYEyyzaEextllDLo7aHs7yZGW9dtC48GDlte6WYQe7iG2poJr84U6twxu1DImZcyoBPB1q1AjYAanPsre7qLr7VnN4G6u1x_WG-sja6U_pvnks9CTgcD4UmfBw9mkrU3YY4GknQXtpLvkiBkM1soJ0SYYQ2r-7CDZJvaiYJb9eOKKbMsjlrEG39IBdQwdcEp3D7PK5paTYZdVHU2ygrJvJy-sJly4oqb2274DO8hbYviQsPdawetglkhhhhhhh98h4erwjerfkasjnfhsahfocLnBPeNCr_PS-
[code]....
View 1 Replies
View Related
Jan 29, 2011
I am a noob who is playing around with setting up a home print/file server using Ubuntu Server 10.04. I have successfully setup the server and am now configuring the SSH server so I can control remotely.
I have setup RSA keys with a passphrase as outlined in the SSH - Ubuntu Community Documentation. However, when I log in remotely I am only asked for the passphrase the first time. Any subsequent log-ins simply take a few seconds to connect without any passphrase request. After restarting my laptop (that I use to connect remotely), I am again asked for the passphrase only the first time and subsuquent logins are without a passphrase. I would like to know if this is normal and if there is a way to have passphrase requested on each login.
View 3 Replies
View Related
Mar 11, 2011
I have recently installed Debian alongside Vista on the same boot menu using the GRUB booting device. Only problem is, I couldn't boot Vista at all any more, so I removed my Debian installation from that drive. But the GRUB boot record persists, I don't have the Recovery disk to restore my old system, so I have to find a way to manually remove the GRUB track and put the old record in its place. I assume there was a copy made of it by the installation program, now my only problem is to find that file and copy the content back in place (at the address at the very beginning of the drive) all that by using Linux code, since that is all I have left. Being new to this game, I have no idea how to begin writing the right command for a job like this
View 3 Replies
View Related
Mar 11, 2011
A few days ago I installed my first Linux product, which is Debian 6.0, and I installed the GRUB booting device on my main boot record, as it was suggested that it was a harmless step to take. Unfortunately, some quirk in my system made GRUB believe that I had XP when in fact I have Vista, so the options I have now are to boot Debian or to boot XP which is not on my computer. In other words, I have to get rid of GRUB now, but I'm realizing that he's not such an easy customer to kick out. I have moved my Linux installation to another drive, but the old GRUB always stays in place, and my Vista is stuck there frozen for eternity. So after considering all kinds of possibilities, I have come to the conclusion that the easiest way to restore my original boot record would probably be to find its backup copy that I assume the installation program made, and to copy it back into the right address at the beginning of the disk. I don't have the Vista recovery CD, so I really have to do this manually. So now my questions are these: did the installation program make a copy of the boot track, and if so, where did he put it and under what name, and finally, what command can I use from within the Debian terminal, which is now my only tool left, to copy the content of thesaid file into the first 512 bytes of the hard drive? I know that would be a simple matter for any serious geek, I guess I must be a little rusty. Anybody feel up to it?
View 9 Replies
View Related
Feb 21, 2010
I've set-up a Linksys WPC54G v5 wireless card using ndiswrapper and the appropriate Marvell driver. It seems to work ok. On my other laptop running Kubuntu with built-in wireless the routing all works fine - I just get prompted by Network Manager for the WPA passphrase and I'm away. However, when I try to connect to my wireless router on thix Xubuntu-based laptop I get really odd security options.
When I try to connect I get a security prompt asking me for a bewildering array of information. There are four basic authentication options under "WPA & WPA2 Enterprise": TLS, LEAP, Tunnelled TLS and Protected EAP. None of those offers a simple passphrase, they all have some combination of username & password with certificates and keys. If I try to connect to other networks in my area, some do just ask for a WPA passphrase, not that I know them to check!
View 1 Replies
View Related
