Ubuntu Security :: Different PWD For Login And Mounting Encrypted /home
Nov 13, 2010
I've just reinstalled my box with an encrypted home (used the encrypt home option when installing). I have a query in this regard - suppose I lose the box. Won't it be possible for someone to drop into root, reset my passwd and then access my /home? Is there any way of having a different passwd for accessing /home? My ~ is on a different partition from /.
Lately I just reformatted my laptop again and created an encrypted home drive using the default. It prompted for my password and then I keyed it into the terminal. Then the terminal closed it. How do I justify that the home drive is encrypted and decrypted during login? Besides that, if it is encrypted, what kind of extension is the drive going to have? Apart from that, I used cryptkeeper to create an encrypted folder. How do I know if the folder is encrypted, besides it prompting me to enter my password?
I just installed the testing version of Debian with the option to set up encrypted home directories. I used a passphrase that I now want to change to something else. How do I do that?
During the installation of Ubuntu Karmic, I picked the option that encrypts my home directory.
A few questions:
(1) Shortly after installation, I was asked to run a command to print a key necessary for data recovery from a rescue CD. I didn't run it at the time and am now looking for the command to run. What is it?
(2) I think I read somewhere that this also encrypts swap. Great. Correct me if that's wrong.
(3) If I suspend the machine, is my home directory encrypted? That is, if I have this on a laptop and travel with the suspended laptop and someone steals it, are my data safe, or not?
(4) I assume the weakest point in the system is my relatively short login password (but I think the install tests it and found it okay). Is there a recommendation how long this should be?
I just installed 9.10 on my laptop and selected the option for home folder encryption. I am running DropBox and placed the DropBox folder on my desktop (meaning it should be encrypted when I am logged out.) So I have two questions: 1) Shouldn't this setup cause my DropBox files on the server to be encrypted? Apparently they are not because they appear as unencrypted text using the DropBox Web interface. 2) If they were encrypted on the server (which doesn't appear to be the case right now), how would it be possible to share them with another client unless the encryption on both clients were set up identically?
While setting up my laptop on a new hard drive (a bad mobo caused writes which pretty much rendered the old hdd unusable) I was asked if I wanted to encrypt my home partition.
I've been wanting this for several years - even going as far as trying to get a copy of CheckPoint. That's what my organization uses on all Wintendo laptops and is required.
In any case, I said "yes" and am happily using my laptop with an encrypted home partition. I'm assuming based on this - [URL] - that it is using eCryptfs as the scheme.
If I were to misplace my laptop, how easy would it be for a forensics team to retrieve my data? Let's assume I have a fairly strong passphrase, such as BisZumBitterenEnd3. [URL]
I had some major problems after the recent Ubuntu upgrade and had to boot from a live cd. I have a separate /home partition, but it was encrypted using the default install encryption in the 9.10 install cd. How can I get to my files so I can back them up?
I have tried this but it did not work: http://ubuntuforums.org/showthread.php?t=1337693
I'm using 10.04 with encrypted home dir. I think the behavior below is wrong:
I can log in as root and change user's password. After that the user can log in using new password, which is normal, but it can also decrypt its home dir using the new password, which is dangerous. Assume I lost my computer. This encrypted home dir will not protect my private data because whoever gets the computer can boot it up with a livecd and chroot to change my user's password and then boot up my system and log in using new password.
Let's begin from the top. I have a relatively new laptop that I've been running Ubuntu on (along with a little-used Windows boot). Picked it up in November or so, installed the current "latest" version of Ubuntu at the time (9.10). I have been doing incremental upgrades, and it's been progressively breaking down more and more. Yes, this includes 10.04.
After GRUB stopped working, I decided it was time to try a reinstall from the top. I told it to leave all the other operating systems alone and do a full reinstall.
Fortunately, I had managed to stuff most of my current work in duplicate locations during this whole debacle, somehow. Don't ask me how I managed to do that when GRUB wasn't working. However, when I installed, I conscientiously said "Oh, yes, Ubuntu, encrypt my home folder! I love privacy!" As a result, about... 30 gigabytes of useful (but ultimately re-downloadable) material is rather inaccessible at the moment. When I try to boot the old system using the newly fixed GRUB, it goes into kernel panic. This seems like a no-go.
I have a saved hojillion-character long passphrase for decryption from my install back in November. Conscientiously saved in the case of just such an emergency.
I read this how-to and followed it to the letter as far as I could tell, trying to mount with ecryptfs to recover my data.
[USERNAME] here is a proxy for my actual username. Yes, the location of my old home folder may seem a little bizarre.
Code:
sudo mount -t ecryptfs /media/c82ca9fe-2b15-4aca-a98d-6482b1d80a32/home/[USERNAME]/ /home/[USERNAME]/oldhome
Passphrase:
Select cipher:
1) aes: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
What are the steps I must take to move my existing home folder to a separate, encrypted partition? Can I create this partition without damaging my current partition? Where is a trusted location to download App Armor profiles? What else can I do to harden the security of Ubuntu?
I want to carry Ubuntu with me everywhere on a LiveUSB but I want to encrypt the home with a strong passphrase in case it is lost or stolen. How do I do that?
I would just like to know how to, and know if it's secure to run the following programs WHILE LOGGED OUT of Ubuntu: openvpn, deluge, and if it can be securely done while the home directory is encrypted.
I would like to give a few students a preconfigured Ubuntu USB stick with certain apps. I also encrypted the home folder in case of loss.
With TrueCrypt, cloning an encrypted container would be a big no-no because anyone could just back up their header with a known pw and use it to decrypt anyone else's container due to each container using the same master key. I assume the same applies to home folder encryption, yes?
Is there a way, other than creating a new user with home folder encryption, of forcing a master key change?
while since I've been here. I'm having an issue with a fresh install of 11.04. Due to work requirements, I encrypted my home folder, which is fine, however, it seems to randomly lock itself down while I'm working, and it's getting really annoying.
Apps stop working, I can't open nautilus (something about not being able to create certain folders because home is locked), hell, even the terminal link on my desktop says failed to launch application (though the launcher on the top panel works). I just have to run ecryptfs-mount-private and enter my password to fix it, but it's doing this every 15 minutes or so. What might cause it to relock itself so frequently? I would expect to not have to deal with mounting my private data, that should happen at login and be good until log out.
Not using filename encryption when you create a new encrypted folder is easy, but how to disable it in the home encryption that is automatically set up by the Karmic installation CD?
If I wanted to transfer a home folder that was encrypted to another ubuntu computer could I? If I had a separate home partition that was encrypted, but I wanted to upgrade ubuntu to the latest version by doing a clean install is there an easy way so that I can still read the data encrypted with the old version?
I logged in to Recover Mode ("Drop to root shell prompt") this morning to do something. Naturally, I wanted access to my encrypted home folder.
The README file says to run ecryptfs-mount-private. However, that command returns an error: "ERROR: Encrypted private directory is not setup properly."
This cannot be correct, because if I log in normally, I get my home folder without any problem.
How can I access my encrypted home folder when I boot via Recover Mode?
After buying an IBM/Lenovo USB fingerprint reader model FP06 and installing Fingerprint GUI, I have problems mounting my home folder encrypted with eCryptfs. I have been using it since the first time I installed Ubuntu 10.10 64 bits. After login from GDM, there are some ways to make it work:
1) Open a terminal window and type ecryptfs-mount-private. This decrypts the home folder, but I need to log out and log in again so that my personal preferences can be reached (bookmarks in nautilus, in firefox, etc). Each time the PC is rebooted, the same process needs to be done again.
2) Before logging in to GDM, change to a tty1 terminal (ctrl-alt-F1) and log in from here. The personal folder then decrypts without problems. Then change to GDM (ctrl-alt-F, log in and everything works fine. What could be the fault in GDM that keeps it from mounting the encrypted folder?
I am running Ubuntu 11.04. I'd like to encrypt my home folder. How can it be done without creating a new user/starting from scratch? I'd like to keep all the files and desktop settings - the only change should be that the folder is encrypted now.
I have one of my user's home directory on a separate partition, and I was wondering if there was a way to only mount it when/if the user is logged in and unmount it if they log out.
I installed Ubuntu 10.10 64 on my laptop with the entire 500gb set up as encrypted LVM. This has worked well for several months with no problems. During this time I have been backing up the data to an external usb drive (1tb) on a regular basis. The usb drive was not encrypted. So, I thought it would be a good idea to encrypt the backup drive too. I wiped out the backup drive and set it up as one large encrypted lvm and mbr. This seemed to work fine but immediately afterwards I decided to erase that and set it up as encrypted lvm guid instead of mbr. I couldn't delete it while logged into my desktop so I decided to do it from a bootable gparted usb stick. In gparted I erased the 1TB backup drive once again and planned on setting it up the way I wanted once I was logged back into my ubuntu desktop. Now I can't boot into my desktop with the following errors:
cryptsetup: evms_activate is not available b0d) does not begin with /dev/mapper/
Then after waiting for a few minutes I get an error followed by (initramfs)
When booting from a live version of ubuntu the 250MB boot partition is recognized and 500 partition is there but it is labeled as empty/unused.
Also, I did choose to use the exact same passphrase as what is used on the main bootable drive when I set up the encrypted partition on the external 1TB drive.
I've just started using ubuntu one. However, some of the files I store on there are sensitive so I encrypt them using seahorse. Right click, encrypt etc etc. My question is, is there a way to automatically get the encrypt process to delete the un-encrypted file when it makes the new encrypted copy?
When installing the latest Distro of Mint (I believe this is not much different, if at all, from Ubuntu as far as this goes) I chose to have my Home folder encrypted using the login password. This was a function of the installation. What I was wondering about was how secure this was and if I should maybe use something to do a better encryption or not.
Installed new drive in notebook, connected old one with SATA/USB cable, both are encrypted disks. It detected the old drive and prompted for password in Gnome, after entering correct decrypt password, this error appeared:
I've created some encrypted partitions using Disk Utility, and would like them to be automatically mounted when Ubuntu starts up. Is there a guide to this anywhere?
I've gathered that it involves /etc/crypttab and possibly /etc/init.d/cryptdisks, but haven't had much success so far.
Ideally, some of the partitions would mount early in the boot process, while some of them can mount after I've logged in.
I have a RAID array that contains an encrypted volume that I set up using Disk Utility. What I want to do is mount this volume from the terminal and therefore be able to mount at login (as the pass phrase is saved). At the moment I have to manually click on the volume in Nautilus first before using. I've been trying to use the following command to no avail:
Code:
gvfs-mount -mount /dev/md1
which simply returns "Error mounting location: volume doesn't implement mount"
I have an external HDD with eSATA and USB connectors available. I want to use this HDD to store my backups. The HDD should be encrypted (my main system is as well).
So here is what I did so far:
1) I used the following code to create the encrypted LUKS partition with EXT3 Filesystem:
Code:
cryptsetup -c aes-xts-plain -s 512 luksFormat /dev/sdb1
cryptsetup luksOpen /dev/sdb1 luks
mkfs.ext3 /dev/mapper/luks
The system always hung when I executed the "mkfs.ext3..." command, so I switched the HDD from eSATA to USB and then it worked fine.
2) When I switched on the ext. HDD the first time, the drive was recognized automatically and Nautilus asked for the password. I typed it in and checked the checkbox to remember the password in the future. For the backup I use a nice script that I found in another forum, where I can define a mountpoint and then the script will check for previous backups and only make an incremental backup based on the latest version. The script also mounts the drive automatically. In order to always have the same mountpoint, I want to make an entry in the /etc/fstab using the UUID of the ext. HDD.
Whatever I tried, it doesn't work. What am I doing wrong? Here is my current /etc/fstab
Code:
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
# / was on /dev/mapper/ubuntu-root during installation
UUID=2ea47421-73ce-4c66-9606-8a1db81ae640 / ext3 relatime,errors=remount-ro 0 1
# /boot was on /dev/sda1 during installation
UUID=dbdeb793-1d4e-43ea-8986-7b37fdbc9674 /boot ext3 relatime 0 2
# /home was on /dev/mapper/ubuntu-home during installation
UUID=42702091-83e6-43eb-aad1-108f43eedf9d /home ext3 relatime 0 2
# swap was on /dev/mapper/ubuntu-swap during installation
UUID=e225bcf9-908b-4226-a963-6b02ee658df1 none swap sw 0 0
/dev/scd0 /media/cdrom0 udf,iso9660 user,noauto,exec,utf8 0 0
# Entry for the iPhone
none /proc/bus/usb usbfs devgid=125,devmode=666,nodev,nosuid,noexec 0 0
# external HDD
UUID=913977f7-8fa6-416f-af79-b5f913b68f53 /media/backup-hdd ext3 noauto,users 0 0
I made the "none /proc/bus/usb..." entry because it was recommended to ensure correct behaviour of the iPhone. Not sure if I need it though.
I created the mountpoint with this command:
Code:
sudo mkdir /media/backup-hdd
Now it seems the mountpoint's owner is not root - strange, right?
Code:
2 4 drwxr-xr-x 3 michael michael 4096 2010-01-15 02:45 backup-hdd
How should I mount this drive correctly? It will be automounted as every USB device, but that should not be the case. I want the script to mount and unmount the drive.
I haven't used encryption previously but thought that for better security, I would enable it on one of my disks. I went through the process and when done, copied data to the device etc. My house had a powercut the other day and I noticed that the device did not mount automatically upon restart. Unfortunately, I have forgotten the de-cryption password and have lost access to my data. Is there a way of either recovering my password or getting the partition to mount without the password so I can access the data, copy/back up and then re-create the partition without encryption?
I recently had one of my computers' motherboards die and so I moved the hard drive to another linux machine so I could access the data. The hard drive is installed correctly and I've mounted several logical volumes on the drive ok, but I'm having trouble with the two volumes which were encrypted. The LVM GUI in Fedora is ignorant of any encrypted LVMs so I looked around to see if others have solved this problem and found the following command:
# cryptsetup luksOpen /dev/vg_delldesk/lv_home luks-fedora
My Logical volume container is vg_delldesk and the encrypted volume is lv_home - when I execute this command I get the following error: Device /dev/vg_delldesk/lv_home is not a valid LUKS device. I have access to the root partition from the old box so the config files are there to reference the old setup if needed. My current box is Fedora 14 x_64, I have dm_crypt mod installed in the kernel as well.