I burnt an Ubuntu Server 10.4 LTS iso to a CD and have started installing to my system: ASRock ION330, 4GB RAM, 320GB HDD. I'd be using it for web hosting, maybe mail, and programming. And possibly watching video (by HDMI into TV).
When I get up the the LVM part, I'm having trouble deciding what option to take. Some of them:
"Guided - use the entire disk and setup LVM"
"Guided - use entire and setup encrypted LVM"
"Manual"
After using google fu, I think I get the basic idea of LVM, that it abstracts the partitioning so I can change the size of them on the fly. This means I can change it later, but the installer also mentioned that once I choose something, I couldn't turn back or something, which made me panic.
Also, if I choose encrypted, how does that affect my day-to-day usage? Do I have to type in my password every time I access a file or save one? That doesn't seem right. Then what's the point of encrypting? Is encryption worth it? Google isn't telling me this sort of information (and I can't find it in help on the ubuntu website). Keep in mind that I'm really just guessing.
Given my above hardware, and usage, should I just take "Guided - use the entire disk and setup LVM"? Is encrypted a good idea?
I installed Ubuntu 10.10 64 on my laptop with the entire 500gb setup as encrypted LVM. This has worked well for several months with no problems. During this time i have been backing up the data to an external usb drive (1tb) on a regular basis. The usb drive was not encrypted. So, I thought it would be a good idea to encrypt the backup drive too. I wiped out the backup drive and set it up as one large encrypted lvm and mbr. This seemed to work fine but immediately afterwards I decided to erase that and set it up as encrypted lvm guid instead of mbr. I couldn't delete it while logged into my desktop so i decided to do it from a bootable gparted usb stick. In gparted i erased the 1TB backup drive once again and planned on setting it up the way I wanted once I was logged back into my ubuntu desktop. Now I cant boot into my desktop with the following errors:
cryptsetup: evms_activate is not available b0d) does not begin with /dev/mapper/
Then after waiting for a few minutes I get an error followed by (initramfs)
When booting from a live version of ubuntu the 250MB boot patition is recognized and 500 partion is there but it is labeled as empty/unused.
Also, I did choose to use the exact same passphrase as what is used on the main bootable drive when I set up the encrypted partition on the external 1TB drive.
I've just started using ubuntu one. However, some of the files I store on there are sensitive so I encrypt them using seahorse. Right click, encrypt etc etc. My question is, is there a way to automatically get the encrypt process to delete the un-encrypted file when it makes the new encrypted copy?
There was a recent thread in this forum regarding capturing of SSH passwords via the use of wireshark. The thread subject was closed, which is a decision that I both agree with as well as agree with the reasoning behind. The thread, however, raised a point of curiosity and concern that I would like to ask about. Quoting from a the book, SSH, The definitive guide,
The client authenticates you to the remote computer's SSH server using an encrypted connection, meaning that your username and password are encrypted before they leave the local machine. The SSH server then logs you in, and your entire login session is encrypted as it travels between client and server. Because the encryption is transparent, you won't notice any differences between telnet and the telnet-like SSH client.
I was under the impression that SSH was impervious to this type of eavesdropping, and quite frankly I take great comfort in that idea. I personally, only allow RSA keys for SSH access and (hopefully) avoid this problem (?) as a result. Does SSH really have a vulnerability in that the authentication is sent via plain text? How to ensure the security of SSH and not on anything that could be considered a how to 'crack' it.
I learned from another post that Ubuntu (Gnome) will be doing away with panels as of 11.10 so I am in the process of downloading Lubuntu to have a look see. To keep myself amused during the download I have been poking around in various documentation pages and came across one on ubuntu.com about backup. It points to some pages on Ubuntu One.
The tech specs indicate that communication to/from Ubuntu One use SSL. However, I do not find any information as to the actual storage of files on the Ubuntu One servers (the FAQ page seems to be down at the moment). Can anyone tell me if the files which are synced to the server are stored in an encrypted format on the server?
I'm interested in using pam_mysql or pam_ldap for authentication with my vsftpd server on CentOS. Does anyone know if, when pam_mysql connects to a remote database, whether or not the connection is, or can be, encrypted with SSL or some other means? While I know that passwords are hashed, I'd rather not have my usernames or my pam-related SQL queries travel in the clear.
If pam_mysql DOES communicate only in the clear, what about pam_ldap? I'm more familiar with LDAP than pam_mysql, and have always secured my conversations with LDAP servers when using an LDAP client or my own LDAP connection libraries.
I just installed Ubuntu 10.04 and decided to encrypt the entire hard drive for the first time. I followed the tutorial on how to install Ubuntu and encrypt the hard drive during installation, located here: [URL]
Everything worked as planned, however, I cannot successfully add a user. Specifically, I can add a user account, but when that user logs in, they receive an error stating: "Could not update ICEauthority file /home/username/.ICEauthority". Closing this window results in a second error: "There is a problem with the configuration server. (/usr/lib/libgconf2-4/gconf-sanity-check-2 exited with status 256)". Then I get errors stating that Nautilus could not create the Desktop or .nautilus folders. After this, the computer hangs indefinitely at the desktop wall paper.
I have googled these errors and found several different solutions, none of which have worked. I have looked in the user director and there is no .ICEauthority file to change permissions on. I suspect that this has to do with the encryption I did, but an evening of looking through google has resulted in no joy.
This is not a regular backup. I only want to backup selective directories so personal files (photographs, documents, sourcecode) will be kept safe in case of a total system meltdown. This'll be 15GB max. Basically the digital variant of a fire resistant safe. I looked into duplicity but that requires me to install gpg keys on the target machine, which I can not do. I rather have a solution that just relies on just a working shell account and diskspace on the target server.
I thought of writing a simple script to do the following: 1. Mount remote server with sshfs 2. Mount encrypted container at remote server (LUKS, TrueCrypt?) 3. Loop over predefined directories on local machine and copy to encrypted container (rdiff-backup?)
Based on these requirements: - Target server is "dumb": only ssh access + diskspace (i.e. no installing of gpg keys) - Encrypted container should grow/shrink to fit contents - Encrypted container should be easily decryptable on any OS if you have the password - Once data leaves client server it should be encrypted: sysadmin on target server should never be able to see unencrypted data.
Installing Debian on a new laptop and read that Debian-Installer (DI) can create an encrypted partition (/home) during installation.However, when I went through installation and started the manual partitioning (standard, non-lvm) , I am unable to locate the encryption option.
I need a webserver (LAMP) running inside a virtual machine (#1) running as a service (#2) in headless mode (#3) with part or the whole file system encrypted (#4).The virtual machine will be started with no user intervention and provide access to a web application for users in the host machine. Points #1,#2 and #3 are checked and proved to be working fine with Sun VirtualBox, so my question is for #4:Can I encrypt all of the file system and still access the webserver (using a browser) or will GRUB ask me for a password?If encrypting all of the file system is not an option, can I encrypt only /home and /var/www? Will Apache/PHP be able to use files in /home or /var/www without asking for a password or mounting these partitions manually?
I have XP on sda1, Fedora 11 encrypted on sdb 1 (boot) and sdb 2 (root), I would like Ubuntu on sdc 1 (boot) sdc 2 (root). However when I tried to install from the cd the partition manager does not see my Fedora as an OS (I assume because it is encrypted). So my question is how can I achieve my triple boot without having to have my Fedora unencrypted. I want it encrypted for a reason.
Also I cancelled the installation for Ubuntu and it reverted to a Live cd and I tried to mount my Fedora encrypted drive. Ubuntu asked for the pass and when I entered it I get an error saying it cannot be mounted because it is not a mountable file system. This is not good for me because I would like to be able to access all my hdd's from both distro's.
After trying out ubuntu for a while (and messing something up that required I reinstall), I installed karmic using the encrypt home directory option. Now I can't run several programs, such as Computer Janitor, SBackup, Software Sources, and Synaptic Package Manager (I can run Synaptic only if I launch it through a terminal using "sudo synaptic"). All of these programs worked flawlessly for me when I didn't have an encrypted install. I am very new to linux, the join date to the left is about when I started trying ubuntu
How can I set up an encrypted LVM without using the "Guided - Use entire disk" option of the alternate installer.
My drive is quite big and I would like to be able to have my encrypted LVM as well as an extra LUKS encrypted partition which I could mount whenever needed. Unfortunately the options in the alternate installer do not allow me to do this without using up the entire disk.
there are some configuration files where linux require the password of application user, to do something.how can i to encrypt the password in these files? Or how can i to store that password in encrypted file and retrieve it in secure mode?
I have implemented a web application on Linux that I want to deploy and sell to customers. I want to sell ready systems including the hardware. The application is written in PHP/MySQL. What I am searching to achieve is :
1) Find a way so that filesystem and partitions to be encrypted but without the need to insert some code when rebooting. So that if someone gets out the hard disks and attach to another system, cannot have any access to my files or settings. And of course when rebooting (e.g. after a power failure) encryption to be applied automatically.
2) I know that there are ways to bypass root password on a Linux system. Can all these ways be unassigned ? I want the only way to have access to system, to be by using the root password and nothing else.
I have thought of using a virtual server instead of a physical one (like deploying a virtualbox server) but still would like this to be the most secure possible including not only remote but also local access to system.
Centos 5.3 includes Ext4 and improved support for encrypted file systems but it appears to be aimed at laptop/desktop systems, in that a password must be entered at boot time.
Is it possible to have a server with an encrypted root file system boot up without entering a password?
Mandos will do it... http://wiki.fukt.bsnet.se/wiki/Mandos ...by serving up the password from another server... http://packages.debian.org/squeeze/mandos ...to a client loaded into the initial RAM disk environment... http://packages.debian.org/squeeze/mandos-client ...but it's not available on CentOS, and is only in Debian unstable.
Is there a similar (or any) solution for CentOS?
In particular, I'm envisaging encrypted virtual machines being served passwords from their virtual host.
Alternatively, the data that *really* needs to be protected could be encrypted while the system core remains unencrypted. But then the keys to decrypt the file system must be stored in the unencrypted portion, so this is not an effective method.
I tried upgrading to 10.04, and now when it boots it just goes into a grub2 terminal and doesn't display a boot menu. I tried re-installing grub2 from the live cd, but that didn't do anything. I figured if I've hosed the last install I'll install from scratch, but I can't even access my files from the live cd! I did a bit of searching and everyone seems to just encrypt ~/Private, whereas I've encrypted the whole home directory. So much for security... In the live cd, it has a readme.txt and says to type "ecryptfs-mount-private" to access the files, but it just gives the error "ERROR: Encrypted private directory is not setup properly". What do I do?
I purchased a larger hard drive to upgrade my HTPC running MythTV and a Samba file server. I put the old hard drive into an e-SATA enclosure and can still boot to it to access my files, but I can't seem to mount it correctly under the new installation to copy over my files even though I have the mount passphrase and encrypted filenames key.I have tried using this howto, but I run into problems with the encrypted filenames.This is how I'm doing it. I replaced the actual key data with A's and B's to protect my keys:
I'm wiping out / on an Ubuntu box but want to keep everything in /home/, which is mounted on a different partition. Using Code: ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase I have unwrapped the passphrase, resulting in a ~25 character alphanumeric string. Is it possible for me to install from a disk and give the installer the (current) passphrase so that it will automatically mount my home directory?
I used Windows XP's encryption to encrypt some folders on an NTFS Hard Drive.Upon mounting this drive in ubuntu, I can see all folders, and all file names, but I cannot open the contents of the encrypted files, getting "Permission Denied" despite all permissions being -rwxrwxrwx.Is there a way to open these from linux? I know the Windows XP login / encryption password.
I just replaced my Fedora 14 installation in which I have an encrypted LVM which contains /home and /tmp (no, I didn't back up ), when I boot I enter my password, and get dropped to the maintainance login a few minutes later. I'm wondering how I can mount my /home from the Live system so I can just back up over the network.
I haven't worked with LVM very often so I'm out of my depths on this.
This is my partition layout as reported by the installer: screenshot
Edit: upon boot the system tells me that /dev/mapper/logvol01 and /dev/mapper/logvol00 don't exist
Edit2: Nevermind, Disk Utility is smarter than I am.
I have installed Kubuntu 10.04 x64 from scratch using the alternate installation CD and unfortunately I'm experiencing some serious troubles. Everything worked fine, installed packages, moved my backed-up data to my encrypted /home partition - until I rebooted. Usually I reboot the system right after the installation process to see if the boot process shows any errors, but what can I say, seems like I forgot to do it this time .
The problem is that the boot process just "hangs" right before the login window should disappear. By "hang" I mean dead: no switching to virtual terminals, no CTRL-ALT-DEL - the system just freezes. I'm quite familiar with doing things shell-wise, so I started the "Rescue Mode" from the alternate CD and was able to mount my root partition.
Problem #1: No faulty log entries whatsoever: dmesg, boot.log, messages etc. all looking fine - except Xorg.0.log. I suspect the proprietary Nvidia drivers to be the culprit here, because what I'm getting is: "Caught signal 11 (Segmentation Fault). Server aborting"
Running "startx" as root from the rescue shell gives the same results: complete system freeze. "Looks like a reinstallation candidate, let's just backup my data" I thought, which brings us to
Problem #2: I can't mount my encrypted /home from the rescue shell. The exact steps involved are:
Mount my root partition and chroot to it. Issuing "ecryptfs-mount-private" gives the following error message: "ERROR: Encrypted private directory is not setup properly" Becoming my user "su - faulty" and trying step 2 again yields the same results. I feel like I'm almost there: I'm executing commands in my root environment, just can't seem to access my data which I'd like to backup before doing a clean reinstall. Any thoughts?
I want to create a user with a encrypted home folder. I tried "sudo adduser --encrypt-home username" but I get following error "adduser: Could not find program named `ecryptfs-setup-private' in $PATH". I installed the cryptsetup package but without result.
Alternate CD on USB - Natty not mounting Encrypted Volume I get initramfs prompt. I have a Dell Inspiron Duo. I've tried to install Natty i386 and AMD64. I set my / (root) and swap under LVM under an encrypted volume. Used manual partitioning. But after reboot, I successfully enter the passphrase, swap and root are not mounted.
Now, I've had this working with 10.10. System seemed a little quirky after the upgrading it to Natty. So, I wanted a fresh install. Used Unetbootin to run ISO from USB and also from one of my other partitions. I've tried installing at least 10 times, some repeat, some variations.
I had errors pop up when I tried updating my 10.10 to 11.04 so I ended up having to do it from a Live USB which installs it over everything (fine by me).Unfortunately I forgot I had an encrypted /home directory. So various messages and stuff came up when I tried to log in.nfortunately I don't remember what my encryption passphrase is offhand, so I moved it to a slightly different folder name and had to have a new directory created for my username.It's still there, but how can I try to open it trying the various versions of the passphrase I think it may be? Can I double-click it and try?Also, in the future what is the best way to handle a "fresh" install that I want to connect to my encrypted /home directory?
I just tried reinstalling ubuntu 11.04 from the live disc, installation went well but afterwards I cannot get access to my home directory which is encrypted and I stupidly forgot to note the mount passphrase. is there anything I can do? where would the mount passphrase be stored from the previous installation and is there any chance of recoving it. Home and the root are on the same drive and the installation did not format the drive.
I've installed Ubuntu 11.04 on a Fujitsu Esprimo E900. During installation, I've used the guided encryption setting because neither GRUB nor LILO would ever install on the LVM configurations I created myself. So after installing Ubuntu 11.04, when I boot regularly, the computer freezes completely. When I try to launch the recovery mode kernel, I get this far and then the computer locks up, too. Ubuntu lockup during boot by germanium, on Flickr
You can see the label is sdb5_crypt which is a bit odd since the partition is on /dev/sda. However, I already tried changing grub.cfg to /dev/sda instead of /dev/sdb but that didn't do anything. This is all a bit odd to be. The funny thing is I've been trying to set this computer up for a month and I'm a professional programmer (Java, JavaScript, Groovy) with 20 years of programming experience and I never thought Ubuntu would be this hard to install on a more-or-less stock Intel box.
I want to install debian 7.7 to a laptop with encrypted LVM, but some how i can't install inside the LVM a separate /home and swap partition. Graphic Installer says i cannot change anymore after i made a encrypted LVM. When i make the separate partitions before making an LVM, i can encrypt them but i have to enter for every partition my passphrase. How I can create a LVM with /, /home and swap without entering three times my passphrase.
After my NVIDIA card died I decided it was time to buy an AMD card again (R9 270X), but I didn't think AMD drivers were such a pain in Linux as people said. Of course, in some distros anyway. On Arch, for example, there's no official release because Arch's developers would have to hold Xorg in order to make a closed-source driver available, because AMD's pace isn't in pair with Linux. So in order to install AMD's drivers on Arch I must rely on some guy's unnoficial repositories, but that isn't the whole problem. Even though I'm cool with adding repos and downgrading Xorg, I'm not cool with it not working for a lot of apps, so that's where I decided to try a few distros. Manjaro is a no-go because it installs Flash as default. openSUSE although is a very good distro, is a complete mess when it comes to repositories, specially multimedia ones. Ubuntu/Mint are also a no-go, Ubuntu because after 12.04 they have a spyware by default, and Mint because it contains non-free stuff by default.
So here I come! I ran Debian in the past for a long time (aside from a breaf period last year) and it was lovely, I could easily set up a custom encrypted install, but now I don't remember how to, and it's killing me. I don't like how the installer doesn't show the partitions size as they actually are, and I don't like how the automated encrypted LVM setup doesn't let me chose the encryption algorithm or the timeframe between each passphrase attempt. That's why I must create my install, and here's what I used to do on Arch (the part that really matters), converted to what I use on Debian:
Code: Select all# modprobe dm-mod
(create one 1GB partition for /boot, unencrypted ; create another big 930 GB formatted as "8e" - LVM - on dev/sda2) Code: Select all# fdisk /dev/sda (chose my ciphers and iter time) Code: Select all# cryptsetup -c twofish-xts-plain64 -y-s 512 --iter-time 5000 luksFormat /dev/sda2 (open the luks container on "sda2_crypt")
[Code].....
After this is done, I go to the "partition disks" page where I select each partition/volume to it's correct destination. I then proceed to installing the base system, configuring apt, and all that. Now, before I install Grub I used to execute the following commands on shell:
Code: Select allĀ # nano /etc/crypttab
I used to put something there, but I don't remember what exactly. It's been a long time since I used Debian for long! But here's what I put there:
