Ubuntu Security :: Error - No Key Available With This Passphrase.
Sep 2, 2010
I'm trying to add a key to a new slot from a keyfile that I created, but I keep getting an error and I don't know what the problem is.
Code:
root@ubuntu:~# cryptsetup luksAddKey --key-slot 1 /dev/sda5 -d /media/Ubuntu_10_04/etc/cryptkeys/swap.key
No key available with this passphrase.
content of swap.key
Code:
nBPeNCr_PS-yEv5SYEyyzaEextllDLo7aHs7yZGW9dtC48GDlte6WYQe7iG2poJr84U6twxu1DImZcyoBPB1q1AjYAanPsre7qLr7VnN4G6u1x_WG-sja6U_pvnks9CTgcD4UmfBw9mkrU3YY4GknQXtpLvkiBkM1soJ0SYYQ2r-7CDZJvaiYJb9eOKKbMsjlrEG39IBdQwdcEp3D7PK5paTYZdVHU2ygrJvJy-sJly4oqb2274DO8hbYviQsPdawetglkhhhhhhh98h4erwjerfkasjnfhsahfocLnBPeNCr_PS-
[code]....
View 1 Replies
ADVERTISEMENT
Sep 5, 2010
i have installed a ubuntu 10.04 (mini iso) w/ option of root encryption. Now i need to boot without ask for passphrase, but im trying to add a luks keyfile without success.i want to use a keyfile in the /boot partition or inside the initrd (cant be in external pendrive), but ubuntu aparently dont accept a keyfile in /boot or initrd file. I know, this way isnt very security, but i just need a basic encryption.So, how to force the use of a keyfile in /boot or inside the initrd for a crypt root partition?
View 5 Replies
View Related
Feb 9, 2010
Simply, the number of possible combinations of passwords increases as an exponent of the number of characters used and as a factor of the number of characters available for use.
26 potential characters for a 2 character password results in 26^2 possible password combinations. This means that each new character added would result in an "order of magnitude" increase in the difficulty of brute force attack.
Using a phrase, complete with punctuation and capitalization is the very best mnemonic device to remember a password. Consider this, how hard is it to remember; The quick brown fox jumped over the lazy dog.
Than it is to remember, l33tsp34kp@ssw0rd
If we pretend that both of these passphrases are generated from a character set consisting of 26 characters, the first would be one of a possible 15274273784216769021564085930704478424313742483024 510976. The second would be one of a possible 1133827315385150725554176.
In short, use a passphrase not a password, they are much MUCH more secure.
View 14 Replies
View Related
Aug 4, 2010
I need an non-interactive, symetric, passphrase mechanism that can be used on machines beyond my sys-admin control. Currently, I use the Python code (with variants):
Stat, Output = commands.getstatusoutput(
"gpg -c --passphrase=%s '%s'"%(Password, TarFileName))
to encrypt and decrypt files (tar balls). The "Password" is generated by a Python code on a singular removable flash drive. It worked with FC11 and Windows, but with FC13 I get an interactive dialog, which gets canceled, and then: can't connect to `/home/{a user id}/.gnupg/S.gpg-agent': No such file or directory
gpg-agent[3432]: command get_passphrase failed: Operation cancelled
gpg: cancelled by user
gpg: error creating passphrase: Operation cancelled
gpg: symmetric encryption of `testdata' failed: Operation cancelled
The operator does not know the pass phrase. This is a single user mechanism which relies upon the mounting of the special flash drive to work. The application is portable across many platforms and hosts, but can only be used by the possessor of the flash drive.
View 1 Replies
View Related
Apr 21, 2011
How can I enable passphrase along with the password for login via ssh ? In that whenever I login from server A to server B via ssh, it should ask me for a password and then passphrase to allow me access.
OR
Can we have multiple passwords to login via ssh ?My basic need is to have 2 levels of password.
View 6 Replies
View Related
Apr 19, 2011
When I set up an ID in Ubuntu, I encrypted it. I did a print screen of the passphrase and put it on the desktop. I'm just learning how to use the encryption so don't fault me for putting it right on the desktop. There is no important data in this ID. Now, I went and changed my password to the account. On the next boot, I got a few error message:
Could not update ICEauthority file /home/mickymouse/.ICEauthority
There is a problem with the configuration server /usr/lib/libconf2-4/gconf-sanity-check-2 exited with status 256 In researching these, it looks like the problem is that I changed the password but didn't update (or something) my passphrase.
I can't boot into the GUI but I have figured out how to boot to a command prompt. I don't have access to my home directory because I don't have my passphrase. Am I toast or is there a way to recover / update the passphrase?
View 3 Replies
View Related
Jul 28, 2009
I have currently a file server that runs on Fedora 9, and all other PCs (mostly running Windows XP) access the file server via SAMBA. Everything works perfectly! However, lately a home invasion in my neighborhood got me thinking. If they take my file server, my data is not protected. So, I would like to implement the LUKS partition encryption (/home) which sits on a separate disk. However, I don't quite like the decryption process at boot time. In other words, I would like to wake up the file server (WOL) remotely, and when it's done booting, I would like to log-in using the other PCs and enter the passphrase remotely to decrypt /home. Is this possible using LUKS encryption (i.e., cryptsetup)? If not, what would be another alternative to what I am trying to do using a secure encryption (so that the data is safe from thieves)?
View 4 Replies
View Related
Feb 8, 2011
I have an encrypted disk, using LUKS / dm-crypt, on Fedora 14.Every time I boot, I am immediately prompted for the passphrase. This happens VERY early in the boot process, and is a graphical screen (ie not console text). If I hit escape, I am prompted in a text-mode for the same passphrase. If I hit escape or return a few times, boot continues normally.
I only mount the disk occasionally, and don't want to be prompted at boot for the passphrase to luksOpen the disk at boot. I manually cryptsetup luksOpen and then mount it when I want access. I just don't want to be asked at boot, and don't want to unlock it until I do so manually.Does anyone how how I can tell Fedora to not attempt to decrypt / mount this filesystem at boot?It's not in /etc/fstab. I should mention, no LVM, just mdadm raid5 on the partition + luks /dm-crypt.
View 5 Replies
View Related
Apr 4, 2011
How to change the passphrase for crypted partitions in F14?
View 1 Replies
View Related
Sep 20, 2010
Hello everI'm really confused by the ways an encrypted partition get mounted.It just mounts the partition without asking for the passphrase used to create it. I can list the files in /mnt/sda2, create a new file test.txt, but have no access to the files written to the "real encrypted partition".Then I can see/change the content of the encrypted partition but without being able to see/change the file test.txt created previously with the normal mount command.
The reason I'm asking is that I'm having my custom Debian to automount every partition available on the system at boot time. Is there any way/command to tell if a particular partition is encrypted (by cryptsetup) or not? So that I can mount it the right way and not make the users confused (or even harm the encrypted data).
View 6 Replies
View Related
Jun 8, 2010
I was wondering whether increasing the strength of a key by increasing the number of bits in the key to 2048 makes any sense if I want to leave the passphrase blank anyway? I'm setting up passwordless ssh logins on my LAN as I'm a bit tired of constantly being asked for a password.
View 7 Replies
View Related
Nov 21, 2010
I just installed the testing version of Debian with the option to setup encrypted home directories. I used a passphrase that I now want to change to something else. How do I do that?
View 4 Replies
View Related
Jul 22, 2011
I have copied over my .gnupg files from a computer to a new workstation that is running Mandriva 2010.2. I am running Thunderbird as a mail client just as before and got Enigmail installed and running fine. The problem I get is when I send a message off with a digital sig it returns this error:
Send operation aborted
Error - bad passphrase
gpg command line and output:
/usr/bin/gpg
gpg: cancelled by user
It does not give me a chance to enter in the passphrase. I copied over the .gnupg files to my Ubuntu laptop running Thunderbird with Enigmail and I have no problems. Could there be an issue going from 32 bit to 64 bit? I checked out the forums and found no answers.
View 1 Replies
View Related
May 31, 2011
what purpose does it serve to use a passphrase? Once the keys are generated the passphrase isnt used? Or what am I missing??? I did not use a passphrase and understood that there was no security implications of not doing so. Is this correct?
View 6 Replies
View Related
Jan 29, 2011
I am a noob who is playing around with setting up a home print/file server using Ubuntu Server 10.04. I have successfully setup the server and am now configuring the SSH server so I can control remotely.
I have setup RSA keys with a passphrase as outlined in the SSH - Ubuntu Community Documentation. However, when I log in remotely I am only asked for the passphrase the first time. Any subsequent log-ins simply take a few seconds to connect without any passphrase request. After restarting my laptop (that I use to connect remotely), I am again asked for the passphrase only the first time and subsuquent logins are without a passphrase. I would like to know if this is normal and if there is a way to have passphrase requested on each login.
View 3 Replies
View Related
Feb 7, 2010
I installed ubuntu 9.10 to a fresh partition on a HD that already contains a windows xp. During the install I opted to Require my password to login and to decrypt my home folder, (don't ask why, I regret it already). The install went well, I think, but when it came to reboot time I wanted to check that I could start windows xp from the new grub boot loader. Windows started fine so I rebooted again to try my new install of ubuntu. Now the system seems to get stuck at the little spinning wheel icon. I tried to boot to recovery shell but after entering my name and password I get:
Unable to cd to '/home/myname'
I rebooted using live cd. And mounted the file system as root. Now I have chroot ed into the system but that's as far as my knowledge gets me. I have googled to find the next step but am not finding a clear answer. I have found this [URL]. And here I see I should have seen a screen entitled: Record your encryption passphrase. But I didn't get to that screen. So is there any elegant solution? or am I destined to wipe the install and start again? Perhaps this problem is connected to the bug mentioned here [URL]. Optional encrypted partitions must be marked bootwait in /etc/fstab
In addition to the above, users who have configured any encrypted partitions in /etc/crypttab to start at boot time (i.e., not using the noauto option) should make sure that the filesystems on these volumes are listed in /etc/fstab if they are not mounted at a standard system mountpoint. Failure to do this on a desktop system will lead to problems from the X server and cryptsetup trying to control the console at the same time. At best, this will prevent the user from seeing the passphrase prompt; at worst it will also cause the X server to spin and consume 100% CPU. (430496)
I'm not sure, my /home is not on a separate partition.
/etc/crypttab is empty
# <target name> <source device> <key file> <options>
/etc/fstab is
# /etc/fstab: static file system information.
# Use 'blkid -o value -s UUID' to print the universally unique identifier
# for a device; this may be used with UUID= as a more robust way to name
# devices that works even if disks are added and removed. See fstab(5).
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
# / was on /dev/sda2 during installation
UUID=8e5f54dd-8d79-44da-9ddf-7f4e3bce2a64 / ext3 errors=remount-ro 0 1
# swap was on /dev/sda3 during installation
UUID=32bcb9fc-ff2b-4e37-a259-1bfabee7cee7 none swap sw 0 0
/dev/scd0 /media/cdrom0 udf,iso9660 user,noauto,exec,utf8 0 0
View 1 Replies
View Related
Feb 21, 2010
I've set-up a Linksys WPC54G v5 wireless card using ndiswrapper and the appropriate Marvell driver. It seems to work ok. On my other laptop running Kubuntu with built-in wireless the routing all works fine - I just get prompted by Network Manager for the WPA passphrase and I'm away. However, when I try to connect to my wireless router on thix Xubuntu-based laptop I get really odd security options.
When I try to connect I get a security prompt asking me for a bewildering array of information. There are four basic authentication options under "WPA & WPA2 Enterprise": TLS, LEAP, Tunnelled TLS and Protected EAP. None of those offers a simple passphrase, they all have some combination of username & password with certificates and keys. If I try to connect to other networks in my area, some do just ask for a WPA passphrase, not that I know them to check!
View 1 Replies
View Related
Aug 30, 2010
So I've connected to my wireless network with the command:
iwconfig wlan0 essid Linksys
But I need to enter my wireless access' passphrase to connect to it. The closest I've come is using:
iwconfig wlan0 key s: PASSPHRASE
...which gives an invalid argument and I've resently found out that this passphrase command is not supported - yet.
Where do one tell Ubuntu to use a passphrase to connect to a wireless network?
- Ubuntu 10.04
View 5 Replies
View Related
Sep 16, 2010
I have loaded ubuntu Lynx 10.04.1 as a dual boot behind XP home. I have wireless connection to the XP os via netgear wireless G router and USB 2.0 adapter. The network connection works well with the XP side. When I boot into ubuntu I am sure I have configured the network properly with the wep key and password and the network signal is alive in the work bar at the top of the screen. When I open Firefox and try to browse to ,say, ebay it asks for the passphrase again then tells me that FF is in work offline mode. When I correct this I get asked for the pass phrase again and the connection is disengaged. It just keeps asking for the passphrase and disconnecting. When I reboot into XP everything works perfectly again.
View 9 Replies
View Related
Jul 31, 2011
Is there a way to change the passphrase login screen? It would be cool to change the background and edit the text?
text : Cryptsetup: evms_activate is not avaible
Unlocking the disk /dev/blablablabla
enter passprase
View 1 Replies
View Related
Jul 2, 2010
I have written a shell script which amongst a heap of other stuff creates virtual hosts, and consequently also reloads apache, however my problem is that unless I include a restart in the shell script, the reload is causing the server to stop, yet restarting everytime a new vhost is created is not really an option since it will disrupt the service for other users. I know this is directly to do with the SSL passphrase as simply restarting gets everything running again with no errors.
I have configured mods-available/ssl.conf so the SSLPassPhraseDialog directive uses the passphrase file instead of bulletin, hence the restart can work fine from within the shell script, but obviously reload and force-reload must be running some sort of background process which involves reloading the SSL certs or something?? so my question is can I over ride this and if so what directive / params do I use? Im on ubuntu lucid 10.04 server and apache v2.2.14.
View 8 Replies
View Related
Nov 1, 2010
I have wordpress server running on my machine and I have SELinux enabled for enforcing/targeted. I am unable to insert images, music, etc from the add new post field on the wordpress dashboard. I receive the following error:
image.jpg has failed to upload due to an error The uploaded file could not be moved to /var/www/html/wordpress/wp-content/uploads/2010/10. When I disable SELinux completely, it works fine. Does anyone know what Boolean I need to check to resolve this issue?
View 4 Replies
View Related
Jul 2, 2010
I got a little problem upgrading my ubuntu-nas with some storage.I wanted to add a new harddrive to my lvm but I stuck before getting to this point.I want my harddisc to be encrypted before adding it to the lvm.I tried the following:
Code:
# sudo cryptsetup luksFormat /dev/sdb1 -y
WARNING!
========
This will overwrite data on /dev/sdb1 irrevocably.
Are you sure? (Type uppercase yes): yes
... and nothing happens. dmsetup ls returns nothing.
View 1 Replies
View Related
Jan 4, 2011
Ubuntu's request for an encryption passphrase on installation could be greatly improved.
After installation, if the option to encrypt the home folder has been checked, Ubuntu prompts: "Record your encryption passphrase".
On running the action there are the following problems:
# When you type a passphrase, your keypresses are not indicated on the screen
# If you make a mistake typing the passphrase, and backspace, there is no way of knowing whether the backspace operation has worked
# The passphrase is typed once and the operation ends. There is no attempt to validate the correct entry of the passphrase by asking for it to be typed twice.
The combination of these shortfalls can be fatal. My last recorded encryption passphrase proved to be incorrect when after a critical failure I was required to enter my encryption passphrase to retrieve my data. It had not been backed up for a while. Ubuntu did not recognise my passphrase. Only after some dogged support from Canonical was the problem resolved.
I've just done a fresh install. I have butter fingers. I inevitably fumbled over the entry of my encryption passphrase. I have absolutely no way of verifying the passphrase I just set. Should Ubuntu ditch another critical failure on me, what do you think the chances are that my passphrase will work?
View 1 Replies
View Related
Feb 8, 2011
I considered making my system run the following if an incorrect password is entered 10 times in a row or a specific dead-password is entered.Code:shred /home/.ecryptfs/$USER/.ecryptfs/wrapped-passphrase.Because ext4 doesn't journal the contents of the file, only the metadata, the file would be shredded and it would be impossible to recover the encrypted home folder even with the password.Is there a simple way I could make GDM check this or would I have to patch and recompile GDM for something like this to work?
View 1 Replies
View Related
Jun 20, 2011
Is there any way to only have one passphrase prompt when using multiple LUKS partitions? Well there must be, as that's how Fedora does it - it asks you once, and tries that passphrase on every LUKS volume (with a nice plymouth prompt), I just don't know how to do that on Wheezy. Don't say I have to nuke my install and use LVM instead of regular partitions or put a keyfile on a USB stick. My partition layout is:
/boot (plain)
swap (luks)
/ (luks)
/data (2nd drive, luks)
So I get asked 3 times during boot.
View 4 Replies
View Related
Sep 9, 2010
I am using Fedora 13 x64.I want to removing passphrase from the RSA Private Key then harden the decrypted Private Key.When I tried section 6.6 guide line, I get directory does not exist?I don't know where my server.key is stored.
View 1 Replies
View Related
Jul 7, 2010
Every time I log in to my Fedora 13 system, I am prompted for my SSH pass phrase.
I would like to be prompted the first time I login after booting, but then have ssh-agent continue to run until I kill it or shutdown so I don't have to be prompted every time.
Where do I configure this?
View 3 Replies
View Related
May 18, 2011
I would like to use a USB key to hold the passphrase for an encrypted /Data partition. A forum search turned up only using that method for / which requires initrd. That's not what I'm after.In openSUSE 11.4 I want to boot normally and then automatically unlock the /Data partition only if the USB key is inserted. I'm assuming this would require some kind of automounting after or during the boot process.
View 1 Replies
View Related
Nov 8, 2010
when generating RSA public/private key pair, I gave a passphrase to protect the key. When I now want to use this private key in a script to log on to the remote server via ssh and do something, how can I give the passphrase? Alternatively, is it possible to use a different private key without passphrase ? I doubt it, but it doesn't harm to ask.
View 2 Replies
View Related
