Ubuntu :: Stop Bootup Password For Encrypted Swap?
May 8, 2010
I've set up a Lucid system with software RAID and encryption, with three encrypted partitions - swap (/dev/md1), the root filesystem (/dev/md2), and /home (/dev/md3). The unencrypted /boot partition is /dev/md0.
This works well but the passphrase had to be entered three times at bootup. Obviously it would be preferable to enter the passphrase once to unlock the root partition, then have the others unlocked via key files. So I added key files to the swap and home partitions and modified /etc/crypttab to use them:
Code:
md1_crypt UUID=8066adbc-584c-4766-b188-bc2a7b61a2f0 /root/keys/swap-key luks,swap
md2_crypt UUID=bac82294-f3b9-45e4-89ad-407cf8b19b7b none luks
md3_crypt UUID=7d82a0b7-c811-4cc3-9fe7-1961c74b5ff2 /root/keys/home-key luks
The key files are owned by root and have 0400 protection. (The /root/keys
[Code].....
Since the swap partition is no longer referenced in fstab or crypttab, why is there still a bootup password prompt for it? What else needs to be done to stop it?
May 5, 2011
I just installed Lucid over Karmic on my netbook, unfortunately I had a little removable USB hard drive attached during the installation. Now when I boot, it keeps looking for the little HD, and I have to press "S" to make it "skip." What can I do to tell Lucid that I seldom use this drive so please shut up about it every time I turn it on?
Jul 1, 2010
I read an article earlier that suggested the swap partition is encrypted by default if you select an encrypted /home folder during installation, is that true (for Lucid)? I am suspecting it isn't because my hibernation works, which I believe shouldn't be the case?
Feb 15, 2010
I have installed ubuntu via the alternate installer, activating encrypted home directories, which in turn enabled to have encrypted swap partitions and disabled hibernation (suspend-to-disk). I understand the arguments for having an encrypted swapspace in these cases. However, I'd like to be nevertheless able to hibernate. Now that the system is already set up, I cannot change and completely encrypt my harddisk via LUKS+LVM as it is suggested in numerous places. Instead, I tried the following. I created two swap partitions (sda7 and sda8): one being encrypted via cryptsetup, to be used as a 'real' swap (sda7). Another without encryption, which is not listed in /etc/fstab, so that it is not normally used by the system. I have then configured uswsusp in order to use sda8 as a resume partition:
[code]...
I have decided to encrypt the resume image - I don't care entering a password once every time I resume, it just shouldn't be at every boot. And this way, I can have hibernation without the uncomfortable solution of having my decrypted, open files on the disk as clear text. However, as sda8 is not 'mounted' when I want to suspend, I get the following error:
[code]...
When I try to suspend now, it works. The image seems to get correctly written to sda8. However, on reboot, the image does not seem to be detected and the system is not resuming. I end up with a fresh login screen. would be also to unmount sda8 upon resume, is this better done by entering a hook in /etc/pm/sleep.d or can I just continue in the wrapper script above by executing s2disk.unwrapped only by calling it (without 'exec'), and entering a swapoff line behind it?
Feb 21, 2011
I started on the "Installation & Upgrades" Forum. So this is basically a repost. I configured an encrypted swap during the installation process of my kubuntu maverick using the manual install CD. I do not use LVM. This worked fine but I made the mistake of assigning a password to the encrypted swap. I would like to change this in favor for a random key. I tried to change /etc/crypttab in the following way:
[code]...
Now the system still asks for a password for sda7_crypt at startup, but does not recognize the old password. It seems that the swap gets a random key and works fine anyway, so I really want to remove only the question for the PW at boot time. This is not a big issue, but it is annoying. When the system is up I can do swapoff and swapon without problems and no password is needed. Directly after boot swap works:
[code]...
May 28, 2010
I use the following command to create an encrypted swap:
Code:
bash# echo "cryptswap /dev/sda5 none swap" >> /etc/crypttab
and edit the 'fstab' file:
Code:
/dev/sda6 / ext4 defaults 1 1
/dev/mapper/cryptswap swap swap defaults 0 0
That works fine, but I found the permission of '/dev/mapper/cryptswap' is like this:
Code:
hello@world:~$ ls -l /dev/mapper/cryptswap
brw-rw-r-- 1 root disk 253, 4 2010-05-28 12:55 /dev/mapper/cryptswap
Other users can read the file '/dev/mapper/cryptswap'. Does it harm the system's security?
Apr 30, 2016
I installed Debian 8 Jessie with full disk encryption and chose to have everything on the same partition. After install, I notice that my 8GB laptop has a 16GB swap. Is there a way to reduce the swap to 8GB (or maybe 4) whilst not affecting the encryption?
I have a 1TB HDD so space is not an issue but I dislike such waste. The setup used LVM.
Feb 23, 2011
I've chosen to encrypt my swap partition while I was installing opensuse 11.3 on my PC.
I want to know how I can change its password (passphrase)?
Sep 22, 2010
I've upgraded to my old dell from Xubuntu 9.10 to Xubuntu 10.04 and set up separate /home partition. I chose to encrypt the /home folder when I installed. I'm wondering if that's the quick answer for why I can no longer sftp from my Ubuntu Jaunty laptop. Both machines are on my desk, and I've been happily using ssh to get files between them before this. The Xubuntu machine has openssh server and client installed, the Jaunty machine has only ever had only the ssh client. Now I get a popup saying "Could not open location ..." and the sftp address, and "Host key verification failed." I've not done much with this new install, so I don't mind just re-installing again. I don't need an encrypted /home, but I do want very much to be able to continue to ssh into that machine. Is it my encrypted /home that's causing this?
Oct 29, 2014
Setting up a randomly passworded swap partition in Debian installer with the default settings (aes-xts-plain64 w/ AES-256 key strength) gives the following line in /etc/crypttab:
Code:
####_crypt /dev/#### /dev/urandom cipher=aes-xts-plain64,size=256,swap
However according to cryptsetup manpage when using XTS mode the key size must be doubled so in effect the 'size=256' parameter above is actually resulting in AES-128 strength, no? To get 256 bit key length the size option should be set to 512. Quote from cryptsetup manpage:
For XTS mode (a possible future default), use "aes-xts-plain" or better "aes-xts-plain64" as cipher specification and optionally set a key size of 512 bits with the -s option. Key size for XTS mode is twice that for other modes for the same security level.
Nov 8, 2010
I have a .rar in my Downloads, I want to unrar this file to my Music folder, but the .rar is encrypted and requires a password.
I've tried a few commands like this:
Code:
But it tells me no files to unrar.
Aug 9, 2011
I'm trying to work on the SmashTheStack wargame on Ubuntu, and I'm stuck at level 1 with using John the Ripper (JTR). I got the encrypted password and was able to run JTR on it using
Code:
but the output is
Code:
I'm pretty sure that the 'trying:' part is supposed to be the attempted passwords, but this one doesn't work, and this is the only one that gets output. When I run
Code:
I get
Code:
Which I'm guessing means that nothing happened.. what am I doing wrong, and how can I get it to work?
May 5, 2010
Didn't know where to post this as it doesn't really call under desktop or installations haha. Anyway, I have a bit of a problem. I've Installed Ubuntu 10.04 with an encrypted LVM password and it went on ok. When booting up the computer it comes to the screen where you enter your password to unlock the LVM which looks great. However after installing the NVidia graphics driver for the laptop and rebooting, the LVM password entry screen seems to be too big to fit on the screen, not looking very good....
Jan 31, 2010
There was a recent thread in this forum regarding capturing of SSH passwords via the use of wireshark. The thread subject was closed, which is a decision that I both agree with as well as agree with the reasoning behind. The thread, however, raised a point of curiosity and concern that I would like to ask about. Quoting from the book, SSH, The Definitive Guide,
The client authenticates you to the remote computer's SSH server using an encrypted connection, meaning that your username and password are encrypted before they leave the local machine. The SSH server then logs you in, and your entire login session is encrypted as it travels between client and server. Because the encryption is transparent, you won't notice any differences between telnet and the telnet-like SSH client.
I was under the impression that SSH was impervious to this type of eavesdropping, and quite frankly I take great comfort in that idea. I personally, only allow RSA keys for SSH access and (hopefully) avoid this problem (?) as a result. Does SSH really have a vulnerability in that the authentication is sent via plain text? How to ensure the security of SSH and not on anything that could be considered a how to 'crack' it.
May 14, 2010
I want to have /boot as an ext2 (I don't need journaling and I might want to undelete something) and all other partitions in an LVM. When the server starts it will prompt me for the LVM password. I would like to be able to contact the server using SSH (or using another secure method) and tell the password. Since /usr/sbin and all the other partitions are inside the LVM I guess I have a problem?
Is it possible to setup something like this? The SSH session for the LVM authentication does not have to be a daemon. It can be something which just sits and waits until I connect and input the password. And then the "real" SSH daemon kicks in.
Feb 6, 2011
I installed 10.10nbr on my wife's eee 901. Now she cannot remember her password. I've tried booting to recovery to use the passwd command, but that does not work. I believe I encrypted the home folder when I installed. Normally if I don't encrypt home, then I enable auto-login.
Apr 25, 2011
I'm running Thunderbird with Enigmail, and I have this very annoying problem. When I open an encrypted email for the first time, it asks me for my key password. It then remembers my password. This is fine for a few minutes, since I don't want to enter the password every time if I look at seven emails in five minutes. However, I WOULD like it to EVENTUALLY forget. At the moment, it doesn't even forget if I shut off Thunderbird. I have to restart my computer, in fact.
The preferences for Enigmail don't help. I've configured it to remember the password for 0 minutes, for example. I don't know how to edit the preferences for gpg-agent or anything else like that.
Mar 10, 2010
When I first installed 9.04 (from scratch), I chose the option to have my entire account encrypted... I used the same password as my login password, and wrote down the key hash that it displayed for me just like instructed... everything was working terrific... Well, yesterday, I wanted to change my account password. I changed my account password, and it took effect immediately (I tested it by using "sudo -s" to see if I could elevate to root from the terminal... worked just fine). Being satisfied with my new password, I shut my computer down...
The next time I started it up and tried to log in to my account, it I put in my username and password and pressed enter, and it accepted it just fine, and started to boot to my desktop... it then immediately prompted me with something about "your session lasted less than 10 seconds, try starting in failsafe mode" or something along those lines, and immediately booted me out and back to the gdm login screen... I thought it was just a glitch so I tried again... same thing... gave me the "less than 10 seconds" prompt and booted me back to the gdm...
I thought maybe my filesystem became corrupted, but I didn't give up... I attempted to login to my fiancee's account, and it worked just fine! Using her account, I was able to quickly and safely boot into her desktop environment with no errors... I opened a terminal and used the "su" command to access my account... When I did this, it gave me some kind of error and told me to run ecryptfs (can't remember exactly which command... now). I ran ecryptfs and put in my NEW password... it told me that the passphrase was incorrect. So just out of curiosity, I ran it again, and this time put in my OLD passphrase, and it worked immediately! At this point, I realized that my gdm login password got changed, but my ecryptfs passphrase did not, and the two were not matching up (I assume that on login, gdm passes this password on to ecryptfs, and that when the two did not match up, it was booting me out with the whole "session lasted less than 10 seconds" prompt...)...
So what I did at this point was, while logged into my girlfriend's account, I "su"'d into my account, and used the passwd command to change my password back to my OLD password... once the password was changed back successfully, I restarted my computer and tried to log into my account from the gdm... worked perfectly this time with the old (original) password... When you change your session password, shouldn't it automatically change the encryption password to match? Or at the very least, warn you that if your account is encrypted, you must take further steps to make these two passphrases match? Also, what command would I use to change my "ecryptfs" password to manually match my session password?
Apr 20, 2010
I remember that some time ago I found a guide on the Ubuntu website about adding samba shares to mount at boot via /etc/fstab. The guide also mentioned using a credentials file to store the username and password.
However, the password was encrypted (in md5 I think) and it could not be read directly, but it still worked with fstab mount. If I remember correctly, the file contents were similar to this:
Code:
username = user
password = --md5
where was replaced by the encoded password. All was done in terminal. Recently I changed computers, and re-installed Ubuntu, but I forgot to save that file so I am not sure about the contents. I would like to know how to do this again, but I can't find the guide anymore. Does anyone know how to do this? Storing the password in plain text in file readable only by root is not acceptable because it can be read by someone mounting the drive from other operating system, and the share cannot be mounted/unmounted by regular users (which is possible with the md5 encrypted password).
Nov 27, 2010
I've created encryption systems on servers, but nearly always I have stored the password somewhere on the machine itself. The file is always 0600 to the relevant user, but a systematic analysis of my system could easily find the scripts that invoke decryption and discover the password. (The most blatant example of this is mounting SMB shares with the "-o credential_file" option where both the username and password are plain-text. In the cases where I've used this, the security of the share hasn't particularly mattered.)
Soon I might be faced with storing "patient health information" (PHI in the healthcare world) whose privacy is heavily regulated by the provisions of the US law called HIPAA. I've been thinking about creating an encrypted partition to hold the PHI, but I need a highly fault-tolerant method for obtaining the key from a different machine than the server itself. At first, I thought about running a script using scp and shared keys to copy the key from the remote, use it to decrypt the partition, then erase it. I'd like to be able to do this with a pipe; otherwise I'll write the key in a non-persistent location like /dev/shm.
I need more than one machine to make this work to ensure I can obtain the key when needed (like at boot). One solution is to place copies of the key on multiple servers and try each of them until I find it. A more elegant solution would place the key in a DNS TXT record. I suspect I could use LDAP for this as well, but OpenLDAP and I have never really been on speaking terms. So does this make sense? I presume I can write a bash script to do all this at boot. Most of what will be stored in this partition is the PostgreSQL database in /var/lib/pgsql and perhaps some other files.
My understanding of encrypted file systems is that they are only encrypted when unmounted. When mounted they must be as visible to the operating system as an unencrypted partition. I suppose you could apply encryption to every single disk transaction, but that would require knowing the key all the time, and would seem to add a lot of overhead.
May 21, 2010
So in an environment where I have 40+ sets of completely unique sets of logon credentials. The only way I've been able to manage this is by keeping them in a hidden and heavily encrypted text file in my home dir. Would like to hear alternatives to this approach if there are any, BTW. Right now I have a script that automates the process of un-encrypting the file, launching an editor and then clean-up with shred -u after editing and re-encrypting.
What bugs me is the interim where I have the file in an un-encrypted state on my drive. It doesn't seem necessary. I have a view script that allows me to see what's in the file without saving it to the drive.
Feb 28, 2010
I just installed CentOS 5.4 (x86_64) and I encrypted my /home /var /tmp and /mnt/Storage partitions, along with my swap partition. My only complaint is that when I boot, I have to enter my password 4 times, and I did not pick a short password. The password is the same for all 4 partitions. Is there anyway I can set things up so I can just type my password once? Once I get everything set up, I won't be booting that often, but right now it is a PIA.
Apr 12, 2009
I have F10 installed on my laptop with disk encryption enabled. When I boot the machine I get a "Password:" request on screen but can't start typing for 30 seconds or more. Presumably the OS is not ready. This means I have to wait at the keyboard tapping a key until I see asterisks. It's a waste of time and frankly a bit clunky for a modern OS. How can I change the behaviour so that the "Password:" request only appears when I can actually type?
Jul 27, 2011
I just upgraded from F14 to F15 and have a problem with entering the password for the encrypted FS: when booting with the latest entry in the bootloader:
Quote:
kernel /vmlinuz-2.6.38.6-26.rc1.fc15.i686.PAE ro root=/dev/mapper/vg_anonymous-lv_root rd_LUKS_UUID=luks-3ef72221-1165-46a6-ab69-3932e22e9d4f rd_LVM_LV=vg_anonymous/lv_root rd_LVM_LV=vg_anonymous/lv_swap rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=de
initrd /initramfs-2.6.38.6-26.rc1.fc15.i686.PAE.img
[Code]....
May 29, 2011
I have installed debian 6 on two of my laptops. During installation I chose to encrypt my partitions (swap, root and home). Now I find it annoying that during boot up I'm asked for password, for each of these partitions separately. I have given same password for all three of them. How can I make the system ask for the password only once. I know it can be done because on fedora it was like that before.
Mar 4, 2010
I have installed fedora 11 in my system. While installing it asked me encrypted password which I passed. But I forgot that. Now the problem is whenever I boot my system before going to root itself it is asking for volume encrypted password, which as I told you I have forgot. Now I am not able to access my hard disk since it is completely locked. Is there any way to decrypt the password or unlock it. Or if that is not possible can data be recovered, which is my primary requirement.
Mar 21, 2011
I followed this tutorial to encrypt my entire installation: SDB:Encrypted root file system - openSUSE
It worked splendidly and whoever wrote it should get a lifetime supply of beer. After I got the install encrypted I made a RAID 1 array of 2 1GB disks and encrypted that as well. They are used for a data repository.
[Code]...
Jan 14, 2010
I would like to grep all values other than encrypted password from /etc/shadow file. For example, each line consists of 8 fields separated with :/The only thing that I want not to print out is the contents between first : and second : (encrypted password)
May 25, 2010
I feel sure there must be an easy solution, but I'm damned if I can find it. I'm sure I've looked everywhere. Even when I'm watching ....., the screen goes dark and when I touch the mouse, I'm asked for my password again. It really is very very annoying. I go and make a drink, come back, and there it is again - I have to type my password again.