Ubuntu Installation :: Improvement For 10.10 Install: Encryption Passphrase
Jan 4, 2011
Ubuntu's request for an encryption passphrase on installation could be greatly improved.
After installation, if the option to encrypt the home folder has been checked, Ubuntu prompts: "Record your encryption passphrase".
On running the action there are the following problems:
# When you type a passphrase, your keypresses are not indicated on the screen
# If you make a mistake typing the passphrase, and backspace, there is no way of knowing whether the backspace operation has worked
# The passphrase is typed once and the operation ends. There is no attempt to validate the correct entry of the passphrase by asking for it to be typed twice.
The combination of these shortfalls can be fatal. My last recorded encryption passphrase proved to be incorrect when after a critical failure I was required to enter my encryption passphrase to retrieve my data. It had not been backed up for a while. Ubuntu did not recognise my passphrase. Only after some dogged support from Canonical was the problem resolved.
I've just done a fresh install. I have butter fingers. I inevitably fumbled over the entry of my encryption passphrase. I have absolutely no way of verifying the passphrase I just set. Should Ubuntu ditch another critical failure on me, what do you think the chances are that my passphrase will work?
View 1 Replies
ADVERTISEMENT
Feb 7, 2010
I installed ubuntu 9.10 to a fresh partition on a HD that already contains a windows xp. During the install I opted to Require my password to login and to decrypt my home folder, (don't ask why, I regret it already). The install went well, I think, but when it came to reboot time I wanted to check that I could start windows xp from the new grub boot loader. Windows started fine so I rebooted again to try my new install of ubuntu. Now the system seems to get stuck at the little spinning wheel icon. I tried to boot to recovery shell but after entering my name and password I get:
Unable to cd to '/home/myname'
I rebooted using live cd. And mounted the file system as root. Now I have chroot ed into the system but that's as far as my knowledge gets me. I have googled to find the next step but am not finding a clear answer. I have found this [URL]. And here I see I should have seen a screen entitled: Record your encryption passphrase. But I didn't get to that screen. So is there any elegant solution? or am I destined to wipe the install and start again? Perhaps this problem is connected to the bug mentioned here [URL]. Optional encrypted partitions must be marked bootwait in /etc/fstab
In addition to the above, users who have configured any encrypted partitions in /etc/crypttab to start at boot time (i.e., not using the noauto option) should make sure that the filesystems on these volumes are listed in /etc/fstab if they are not mounted at a standard system mountpoint. Failure to do this on a desktop system will lead to problems from the X server and cryptsetup trying to control the console at the same time. At best, this will prevent the user from seeing the passphrase prompt; at worst it will also cause the X server to spin and consume 100% CPU. (430496)
I'm not sure, my /home is not on a separate partition.
/etc/crypttab is empty
# <target name> <source device> <key file> <options>
/etc/fstab is
# /etc/fstab: static file system information.
# Use 'blkid -o value -s UUID' to print the universally unique identifier
# for a device; this may be used with UUID= as a more robust way to name
# devices that works even if disks are added and removed. See fstab(5).
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
# / was on /dev/sda2 during installation
UUID=8e5f54dd-8d79-44da-9ddf-7f4e3bce2a64 / ext3 errors=remount-ro 0 1
# swap was on /dev/sda3 during installation
UUID=32bcb9fc-ff2b-4e37-a259-1bfabee7cee7 none swap sw 0 0
/dev/scd0 /media/cdrom0 udf,iso9660 user,noauto,exec,utf8 0 0
View 1 Replies
View Related
Sep 5, 2010
i have installed a ubuntu 10.04 (mini iso) w/ option of root encryption. Now i need to boot without ask for passphrase, but im trying to add a luks keyfile without success.i want to use a keyfile in the /boot partition or inside the initrd (cant be in external pendrive), but ubuntu aparently dont accept a keyfile in /boot or initrd file. I know, this way isnt very security, but i just need a basic encryption.So, how to force the use of a keyfile in /boot or inside the initrd for a crypt root partition?
View 5 Replies
View Related
Jul 28, 2009
I have currently a file server that runs on Fedora 9, and all other PCs (mostly running Windows XP) access the file server via SAMBA. Everything works perfectly! However, lately a home invasion in my neighborhood got me thinking. If they take my file server, my data is not protected. So, I would like to implement the LUKS partition encryption (/home) which sits on a separate disk. However, I don't quite like the decryption process at boot time. In other words, I would like to wake up the file server (WOL) remotely, and when it's done booting, I would like to log-in using the other PCs and enter the passphrase remotely to decrypt /home. Is this possible using LUKS encryption (i.e., cryptsetup)? If not, what would be another alternative to what I am trying to do using a secure encryption (so that the data is safe from thieves)?
View 4 Replies
View Related
May 31, 2010
I just upgraded to Fedora 13, with emacs 23.1. Now when I edit a .gpg (encrypted) file, emacs doesn't cache the passphrase, so when I save the file emacs demands that I repeat the passphrase twice.Previously, the following line in .emacs made it cache the passphrase:
Code:
(setq epa-file-cache-passphrase-for-symmetric-encryption t) This is supposed to work, according to the documentation [URL], but in Fedora 13 emacs it seems to have stopped working.
View 1 Replies
View Related
May 2, 2010
I see that the latest hplip is by default (3.10.2 in synaptic)great I thought but unlike the 3.10.2 version which was previously downloaded from the web(for 9.04) this default version STILL cannot produce photos without borders? In trying to install the web version (over the default version) which allows for exact printer settings. my printer then went haywire! Its for this reason only that I must go back to windows for HP essential. its a pity because this problem has been known for ages
View 2 Replies
View Related
Jul 2, 2010
I got a little problem upgrading my ubuntu-nas with some storage.I wanted to add a new harddrive to my lvm but I stuck before getting to this point.I want my harddisc to be encrypted before adding it to the lvm.I tried the following:
Code:
# sudo cryptsetup luksFormat /dev/sdb1 -y
WARNING!
========
This will overwrite data on /dev/sdb1 irrevocably.
Are you sure? (Type uppercase yes): yes
... and nothing happens. dmsetup ls returns nothing.
View 1 Replies
View Related
May 24, 2010
Using slackware current and I'm really digging KDE 4.4.3. It's been way more stable on my machine than 4.3.x and it performs MUCH better. I think slackware 13.1 is going to be a really good release. Much better than 13.0. Looking forward to upgrading all of my hosts though it will probably take me a few months given how many I manage.
View 3 Replies
View Related
Feb 23, 2011
I've chosen to encrypt my swap partition while I was installing opensuse 11.3 on my PC.
I want to know how I can change its password(passphrase)?
View 2 Replies
View Related
Jan 13, 2010
I recently upgraded a server's networking card to a Gigabit NIC, and got a hold of a Gigabit switch (Here's a link) in the hopes of increasing my network performance - however, I'm getting around 10 MB/s throughput now, which is exactly what I used to get with the old 10/100 switch & NIC. The new switch recognizes both computers as Gigabit (the other machine has always had a Gigabit NIC), and both computers say they're gigabit - I've found various sites around the interwebz recommending tweaking some TCP/IP buffer settings, which I have tried to no avail. I also saw that hard drive speed is usually the limiting factor. According to "hdmarp -t", the server HDD (definitely the slower of the two) is:
Code:
Timing buffered disk reads: 226 MB in 3.00 seconds = 75.26 MB/sec
So that's obviously not my issue. The cabling is CAT6 - I ran it myself, but if I'd mis-wired the end connections, wouldn't it just not work at all? I admit, I bought cheap NIC's (I'm not going for like 124.9 MB/s throughput here..), and I didn't expect them to be stellar, but I certainly expected the speeds to improve. I'm moving files from a server running Ubuntu 9.04 to a Windows machine - I've tried both my Samba shares on the server and an SFTP transfer: they both have about the same throughput.
View 2 Replies
View Related
Aug 27, 2010
every now and then my company cleans its it trash by giving away computers to its employees. this i became the owner of a p4, 2ghz compaq evo with 512 mb ram and no hard drive. i bought a 500 gb hdd, dowloaded ubuntu, created a live disk and in a matter of minutes i had a new desktop! i love it! a new computer with a new operating system set by a non-techie in 15 minutes? not even microsoft can beat that. oh, and the total cost was zero!
then i started clearing issues (mysterious crash on p4 computers solved with a patch, screen resolution solved with a new mode, not recognized microsoft webcam to be solved, connection to stora nsa to be solved, etc.). this is nothing different from what you would go through installing windows on a new computer, in fact the process seemed easier for me as there's tons of documentation and people willing 1. overall system performance, mostly while browsing seems low. could it be the 512 mb of memory? would it improve its performance to jump to 1 or 2 gb? or it's just the processor that's too slow and not all the memory in the world would make it faster? while we're at it, is it reasonable to expect good performance on ubuntu 10.4 on a p4 2.0 ghz? (my notebook, a 2 ghz core duo runs faster on xp, but it has 3 gb memory, so i guess memory would help...).
2. choppy videos and other video, both in partial and full screen modes. again, would more ram help? updating drivers? updating flash? (i think it's all updated, but i'll retry...). or is my bottleneck in the processor? 3. my computer has an extra video card, but it's disconnected. i'm not sure about brand or model or even whether this would be an improvement on the on-board card. should i plug it and see what happens? would a better video card improve my performance?
simplifying, this is a computer for me to play and for my baby boy to pound at the keyboard. if i were to spend little money on it, what's the best investment, memory or a new video board? (i think i know the answer, memory). i don't want to extrapolate too much from my windows experience because this is a new os, but i think i would go for extra memory. if memory were the solution to all my problems... how much memory? should i go for an additional gb? full 2 gb? 3? what about buying a 1 gb card and plugging it side by side with the existing 512 mb? would 1.5 gb be enough?
View 1 Replies
View Related
Sep 17, 2015
I recently started installing Debian and I want to download and install a GUI in it. For that I could use my university Wi-Fi connection. I was told that it's a WPA2 secured connection. But when I tried to configure it, it keeps asking me for a "passphrase". I don't have a passphrase! All I have is my username and password for the Wi-Fi. What should I enter as my passphrase ? I tried both username and password and neither of them worked.
View 4 Replies
View Related
Mar 24, 2011
I just installed debian-6.0.1a-i386-netinst yesterday on my Dell Dimension 4100. I have a serial keyboard and mouse, which both worked fine during the install and the keyboard allowed me to enter the correct passphrase. After I enter the passphrase the PC continues to boot up, and it gets to a black screen with small fuzzy/distorted "DELL" logo's on the top part of the screen going from left to right.
What is wrong with my PC? What can I do to troubleshoot this?
I really would like to get debian up and running on this desktop
View 5 Replies
View Related
Jun 1, 2010
I just tried to install with Ubuntu 10.04 AMD64 Alternate on RAID1 and Encryption but after reboot the screen just stays black.
my system is a AMD Athlon 64 X2 Dual Core 4200+ on a Abit AN-M2HD Motherboard, and 2 HDs each 250.1 GB
i split the HD into
* 50GB for /
* 200GB for /home
* 1GB for swap
all get a RAID1
/home is encrypted with passphrase (Twofish 256, cbc-essiv:sha256)
swap is encrypted with random (Blowfish 128, cbc-essiv:sha256)
where can i check RAID and hardware compatibility?
View 9 Replies
View Related
Apr 13, 2011
Is there a way to install ubuntu 10.04 or 10.10 with full disk encryption? I read how to do it in the 8.0 version, was wondering if it is still possible?
View 4 Replies
View Related
Apr 22, 2010
I'm trying to install OpenSuse 11.2. During installation there's a problem. It offers to create an LVM with encryption. That's fine. The problem is: it only uses 15GB of my 250GB hard drive. When I try to alter the partitions, I can't. When I try to remove the partitions and create new partitions myself it seems OK but a few minutes later the installation quits with 0333. I googled on resizing the LVM, but it brought me nowhere. There seems to be no working manual on how to do that. How do I install my system without having over 90% of my disk unused?
View 5 Replies
View Related
Jul 21, 2010
I'm a relative newby to Linux so forgive me if this is a simple question. I know that if you install Ubuntu using the alternate CD, you can create a whole disk encrypted installation, but what about after a normal installation? What is the best procedure to use to get more than just the home folder encryted? Installation of Fedora 13 gives the option during a normal install to encrypt more than just the home folder. I really only want to encrypt my Ubuntu partition. I have a laptop with a multi-boot setup with Windows 7, Fedora 13 and Ubuntu 10.04 all residing in their own partition. Because of this setup I really can't use whole disk encryption. I use Truecrypt on my Windows 7 partition and it works great but encryption of a Linux system partition is not supported.
View 4 Replies
View Related
Aug 5, 2010
I've got some old drives using pre-LUKS loopback encryption, and I'm having problems mounting them on OpenSUSE 11.3. What I expected to work, based on past experiences with other distributions, is something along the lines of:
mount -t ext3 /dev/sdc11 tmp -o loop=/dev/loop1,encryption=AES256. When I try this I'm asked for the password, but then get the message "ioctl: LOOP_SET_STATUS: Invalid argument". Anyone have a clue what could be going wrong, or how I can best access these drives from OpenSUSE?
View 5 Replies
View Related
Jul 1, 2010
I was wondering how to activate encryption on my home folder, like sugested when creating the first user? in 10.04Also, is it any good to use?It's a work computer with sometimes private documents (cv, docs, etc) and i would like to be sure no one can access it, even as root.
View 3 Replies
View Related
Mar 12, 2011
I'm trying to install a luks enabled grub for full system encryption. What modules are required by grub to load a normal ubuntu linux system and what is the type to use?
View 2 Replies
View Related
Jan 29, 2011
I managed to get a cheap refurbed netbook recently (Samsung N150) and I'm wanting to put Ubuntu on it. As it's also likely to be used when travelling and have things like chat logs, photos, and other such things I'd like to do full disk encryption. Also I've been pointed towards 10.4 as apparently the 10.10 netbook desktop isn't to everyone's taste.
So I tried using unetbootin to make a bootable 10.4.1 i386 Alternate usb stick, which hit the problem of no cd drive. I found an item to add to the boot (cdrom-detect/try-usb=true) which got it a little further, but at a copying stage it threw an error saying it couldn't copy off the disc.
Finally I tried making a unetbootin of the mini iso (does mini even support full disk encryption?) but that seems to hang after selecting a mirror.
EDIT: Well it seems I was just impatient on the mini ISO and after a few minutes it's gone onto time-zone, though of course this could get rather tiresome without a local mirror, especially given this may go through more than one iteration.
View 1 Replies
View Related
Nov 21, 2010
i have hd encryption activated on my swap and home disks. now every 20 min or so (not really periodic but definetly reproduceable) my system hangs completely for about 4 - 10 sec while the hd led is on. i have a dual core cpu which makes this even more odd. could this be a side effect of hd encryption especially on the swap partition?
View 3 Replies
View Related
Feb 8, 2010
any incompatibility for an encrypted disk (i.e. impossibility of reading the file system) among different versions of the same distro or among different Linux distros.
View 1 Replies
View Related
Aug 8, 2010
Trying to encrypt my partitions for swap, root and /home directories. However, when I go to partitioner and select the drives as sdb1, sbd2 or sbd3 and click on the encryption. It errors with a -3016 error. Can't find anything in the release notes or the security documentation that would lead me to why this screen is popping.
View 3 Replies
View Related
Jun 19, 2011
Using SUSE 11, I'm trying to change my existing login user id HOME directory to use encryption. I use YAST to do this, just by clicking the ENCRYPTION box inside the USER AND GROUP MANAGER tool.I receive this error message -- "Not enough disk space left to copy existing data".Which file system do I need to add space to?Here are the filesystem existing sizes --
Filesystem: / Size: 6g Used: 3g
Filesystem: /home Size: 1.8g Used: 65m
View 4 Replies
View Related
Feb 13, 2010
I've been wanting to do this for a while and after upgrading some of my pc components I decided I would finally try to dual boot with full disk encryption on both windows 7 and Ubuntu 9.10. I managed to encrypt the windows drive with truecrypt and that worked. I installed Ubuntu 9.10 using the alternate cd and everything but /boot is in an encrypted LVM. Each OS is on a separate SATA drive the windows is on sda1 and ubuntu /boot is sdb1.
To setup the dual boot I started out following the tutorial [url] but its for XP and versions of ubuntu that use grub not grub 2. I ran dd as posted and saved the files it produced from truecrypt. I then ran into some problems with grub reinstallation so I simply reinstalled Ubuntu 9.10 from scratch again. This put grub 2 on the computer. I've managed to get it to add a Windows 7 option.
However, when the option is selected truecrypt comes up and says that the bootloader is corrupted and that I need to use the repair CD I burned before I encrypted the drive. My question is does anyone have any experience dual booting using Truecrypt on Windows 7 and LUKS/dm-crypt on Ubuntu 9.10 with grub 2? And how would I get the boot menu to work? I'd rather not reinstall but if I have to I have images from right before I encrypted so it wouldn't be the end of the world.
View 4 Replies
View Related
Mar 28, 2011
To structure the layout of my partitions. I'm installing Windows 7, Backtrack 4 R2 and Ubuntu 10.10 Desktop on my laptop. I've got a 500 GB HDD named sda.
I've already installed Windows 7. It's my opinion that it's easiest to begin with Windows.
The partitions look like this right now:
The Windows installation is unencrypted and I want it to stay that way. It's only there in case my laptop gets stolen, I've installed various nasty things there.
The Backtrack 4 installation will also be given 100 GB space, I want it to be encrypted. The Ubuntu installation should get the rest of all the remaining space and preferably be encrypted but it's not 100% necessary.
How I should partition this? There's a limit on 4 primary partitions? How do I circumvent this? There should be one dedicated GRUB partition which will point to each of the installations own boot loaders?
View 8 Replies
View Related
Aug 27, 2015
I have been trying for close to 7 hours now to create a working encrypted bootable usb key for debian now.
I start by running the debian installation dvd (1 of 3. I downloaded and burnt all three ISO's that I found here: [URL] .... (2015-06-06 17:33) to disk), and when I get to the partitioning part, I cannot get an encrypted volume that will hold the root filesystem.
Here is what I have tried:
I have tried the Guided partitioning option to use the entire disk and set up encrypted LVM, to no avail.
I am left with a primary boot partition of 254.8 MB, at ext2 with /boot mountpoint on it, and a logical partition of 15.8 GB, with crypto as it's file system that says it's "not active". This bit here seems to be a running theme as I keep coming back to this set up, (give or take some space arrangement). From what I've read and seen, I should be seeing an Encrypted Volume container similar to LVM, but called an "Encrypted Container" that I can create additional partitions in like / and /home, and what have you.
And I can't "activate" the partition either. I have tried both the Configure Logical Volume Manager, which changed the partition to an LVM partition that dosn't encrypt anything inherently (and I have checked), and I have tried the Configure encrypted volumes option, which leads to the same results basically.
I have tried manually creating the partitions, a 512 MB ext4 /boot partition and then partitioning the rest of the space as "physical volume for encryption" with aes encryption, 256 key size, xts-plain64, Passphrase encryption key, erase data flag, bootable flag off.
Same result, 1 primary boot partition, 1 logical (I later tried making it a primary partition to, with the same results) crypto volume that is "not active".
I also tried setting up the a logical volume manager, which created a container to create additional partitions in which I could encrypt, but it was either a partition dedicated to something (i.e. root (/) or /home, or /swap, etc) or it could be encrypted, but not both. I even tried creating a root partion, and then selecting Configure encrypted volumes, and then selecting the root partition, and here is where I thought I was getting somewhere, because then it comes up giving me all the same options above, but it also specifies mount point under encryption. Which is /, which is what I'm after. So I accept that, and it goes back to being crypto, "not active" and when I check the partition again, the mount point option is gone.
Last thing I tried was going back to having a 512 MB /boot partition, and an encrypted partition set up with Configure encrypted volumes option, and then specifying the encrypted partiton with the Logical Volume Manager as the place to create logical groups and volumes, to little avail. I can create more volumes that are either encrypted, or a useful non encrypted volumes like / (root), /home, /swap, and the like, but not both at the same time.
Following this guide: [URL] ....
This leads me to a useable system, but the system wasn't encrypted. When I booted, I wasn't asked for a passphrase, and I checked the stick with my old linux mint dristro, and I was able to mount the logical volume and look at the contents, /etc, /home, /var by activating the partition in GParted and mounting it.
A number of users seem to mark an encrypted partition as lvm and then create more logical volumes within that that either actually become encrypted, or they don't check. I'm not sure which after my testing.
[URL] .....
I have also read this: [URL] .... and this [URL] .....
I found this which shows the container I believe I should be seeing if I do this right, but I can't get it : [URL] ....
I have also watched movies on youtube about it : [URL] ....
Could the issue be that I'm using a Lexar JumpDrive? 16 GM USB 3.0.
I've gotten debian to run off of it on it's own so I kind of doubt it.
View 2 Replies
View Related
Oct 21, 2015
I would like to configure my Debian Jessie system in this way.
Two partitions:
1) /boot on /dev/sda1
2) everything else on /dev/sda2
I want to encrypt the second partition with LUKS. And then install over it a LVM volume. Inside the LVM volume i will create the / (root), /var, /opt and /home virtual partitions. In this way, i'll get asked only once for the password to decrypt all partitions. Because if i don't use LVM, then i'll get asked for the password for each encrypted partition.
I can follow and understand almost everything of this HOW-TO for Archlinux: [URL] ....
Only two passages are unclear to me:
1) Configuring mkinitcpio
I don't understand what i should do here in order to complete this. What should i do in Debian to configure "mkinitcpio"? what is the equivalent thing to do here?
I thought that the kernel would automatically recompile itself with all installed modules on the Debian system, once cryptosetup/LUKS or LVM2 get installed.
2) Configuring the boot loader
I don't understand what should i write in /etc/default/grub. Will GRUB automatically load the LUKS and LVM2 modules? Also, I don't think that i could boot the system in this way:
cryptdevice=/dev/sda2:LVM root=/dev/mapper/LVM-????
Actually the "root=" volume is the whole volume to mount as LVM. It isn't the final root partition.
View 5 Replies
View Related
Aug 20, 2011
I recently bought a new hard disk for my /home tree. I don't have encrypted home directories currently, but I was wondering if there is an easy way to encrypt my home directory so that it is automatically decrypted when I'm logging in (console/kdm). Basically I would like to manually do same thing as Debian installer would have done.
I'm running Squeeze.
View 2 Replies
View Related
