I've tried Ubuntu, Arch, and most recently Fedora but the SUSE GNOME environment blows everything else away!
The only problem (so far) is that Network Manager requires you to enter your password every time you login to unlock the password keyring. I want to disable this.
I think some distros disable the prompt by using the login password to unlock the keyring, but I use auto-login (if that makes a difference).
I have successfully Kubuntu 10.04 running with Belking wireless USB adapter. There is only one issue.I use WPA2 key to access my home wifi and after being connected I was asked if kdewallet should remember the password. I clicked yes.Now evertime my computer starts after booting to Kubuntu I have to enter my kdewallet password in order Network Manager can retrieve password from kdewallet.
I use truecrypt to encrypt a file containing my sensitive data (credit card numbers, bank account info, etc).
When I mount my encrypted file through truecrypt, I enter the password for my file. That's OK - I want to keep it that way. But when it gets mounted as a file system, ubuntu also requires that I enter the 'su' password.
I have been having a small problem since I upgraded from Jaunty to Karmic, whenever I shutdown or restart, root password is required due to multiple users being logged-in.
I have run ck-list-sessions, however I can not trace where (or what) session 5 is.
Code:
Since I have MythTV installed and there was a similar bug, I tried the following solution without any success: [url].
When booting from the Ubuntu 11.04 CD, it asks for user name and password to install. I downloaded the iso twice and did a checksum. Do I need a user name and password before installing? What is the user name and password? I read the documentation and cannot find any entry about user name and password needed when booting fron CD.
One of my machines running 10.04 recently began requiring the root password in order to carry out privileged operations in update-manager. I found this bug in launchpad. It's similar, but related to 10.10. If I create a root password, then I can use it to carry out privileged operations in update-manager, but I prefer not to add a root password just for this purpose.
I've been running 11.3 on a net book for several weeks and have not had this happen on that computer. On a different computer, which was upgraded from 11.2 to 11.3, now requires a root password to shut down the computer.
Since i installed KDE 4.* Whenever I go to shutdown, I get the shutdown dialogue, I hit shutdown, it logs me off, shows some text on shutdown screen, and then opens up the GUI again, bringing up a small window, where It asks for the root password, in order to shutdown. If i don't give it the root password, it goes to the login screen.
I cannot, any way, command line, GUI, or anything, shutdown without providing a root password.
If I use the command shutdown now, as root, it logs me off and goes through an endless cycle of logging off, and then asking for root to shut down, and not shutting down (All on the CLI), and everytime i give it the password, it cancels shutdown and goes back to the prompt. I eventually have to pull the battery to kill it in that case..
I have tried chmoding the shutdown scripts to make it work, it doesn't.
I am running ubuntu 10.04 64 bit with Centos Directory Server centralizedauthentication tool. I can log in just fine with my ubuntu client, however when go to my Directory Server and tell it to require a password change on reset for any of my users, the ubuntu client doesn't require the user to reset their password. the reason I need this to work is so I can reset a users password from the Directory server and then have it use what I set it to for their next login attempt but then require them to set their own password. After days of searching I have only found out that it can be done by setting the option in Directory Server but Ubuntu 10.04 seems to just ignore the option. I am using the libnss-ldapd and libpam-ldapd packages on the Ubuntu client because the libnss-ldap and libpam-ldap didn't work at all, what am I missing?
I have a peer-to-peer network with 25 WinXP Pro computers. I have built a Linux (SuSE) server for the purpose of backing up My Documents, PST files and favourites. Each user has their own folder containing the sync'd files. Each folder is password protected. I have configured each users machine with a mapped 'S' drive, which is the sync'd data folder on the Linux computer. All of the computers seem to end up with a "disconnected network drive" status after either logging out for the day or after some time has elapsed. Some will connect with a double click but others prompt for a password. I have tried mapping the drive using the option "Connect using a different user name", which is fine until the user logs out and back in again. I use SyncToy as a scheduled task, but can't connect to these mapped drives automatically, so the sync process will not work unattended.
I have a second hard disk which has windows and C and D drives partitions. When I boot fedora 13, fedora automatically mounts them as 53 Gb Filessytem and 200 GB Filessytem. But when i try to browse to these filesystem, fedora ask me root password. How I can configure fedora so that it does not ask me root password and this change should be permanent ( surving computer shutdown and restart) ? I want these windows partitions to be reachable by me as the non-root user.Also given /dev/sdb (the windows disk) what is the command line to find out the filesytem path to which various paritions on /dev/sdb are mapped to?
I'm trying to work on the SmashTheStack wargame on Ubuntu, and I'm stuck at level 1 with using John the Ripper (JTR). I got the encrypted password and was able to run JTR on it using
Code:
but the output is
Code:
I'm pretty sure that the 'trying:' part is supposed to be the attempted passwords, but this one doesn't work, and this is the only one that gets output. When I run
Code:
I get
Code:
Which I'm guessing means that nothing happened.. what am I doing wrong, and how can I get it to work?
Didn't know where to post this as it doesn't really call under desktop or installations haha.Anyway, I have a bit of a problem. I've Installed Ubuntu 10.04 with and encrypted LVM password and it went on ok. When booting up the computer it comes to the screen where you enter your password to unlock the LVM which looks great.However after installing the NVidia graphics driver for the laptop and rebooting, the LVM password entry screen seems to be too big to fit on the screen, not looking very good....
There was a recent thread in this forum regarding capturing of SSH passwords via the use of wireshark. The thread subject was closed, which is a decision that I both agree with as well as agree with the reasoning behind. The thread, however, raised a point of curiosity and concern that I would like to ask about. Quoting from a the book, SSH, The definitive guide,
The client authenticates you to the remote computer's SSH server using an encrypted connection, meaning that your username and password are encrypted before they leave the local machine. The SSH server then logs you in, and your entire login session is encrypted as it travels between client and server. Because the encryption is transparent, you won't notice any differences between telnet and the telnet-like SSH client.
I was under the impression that SSH was impervious to this type of eavesdropping, and quite frankly I take great comfort in that idea. I personally, only allow RSA keys for SSH access and (hopefully) avoid this problem (?) as a result. Does SSH really have a vulnerability in that the authentication is sent via plain text? How to ensure the security of SSH and not on anything that could be considered a how to 'crack' it.
I've set up a Lucid system with software RAID and encryption, with three encrypted partions - swap (/dev/md1), the root filesystem (/dev/md2), and /home (/dev/md3). The unencrypted /boot partition is /dev/md0.
This works well but the passphrase had to be entered three times at bootup. Obviously it would be preferable to enter the passphrase once to unlock the root partition, then have the others unlocked via key files. So I added key files to the swap and home partitions and modified /etc/crypttab to use them:
Code: md1_crypt UUID=8066adbc-584c-4766-b188-bc2a7b61a2f0 /root/keys/swap-key luks,swap md2_crypt UUID=bac82294-f3b9-45e4-89ad-407cf8b19b7b none luks md3_crypt UUID=7d82a0b7-c811-4cc3-9fe7-1961c74b5ff2 /root/keys/home-key luks The key files are owned by root and have 0400 protection. (The /root/keys
[Code].....
Since the swap partition is no longer referenced in fstab or crypttab, why is there still a bootup password prompt for it? What else needs to be done to stop it?
I want to have /boot as an ext2 (I don't need journaling and I might want to undelete something) and all other partitions in an LVM.When the server starts it will prompt me for the LVM password. I would like to be able to contact the server using SSH (or using another secure method) and tell the password. Since /usr/sbin and all the other partitions are inside the LVM I guess I have a problem?
Is it possible to setup something like this? The SSH session for the LVM authentication does not have to be a daemon. It can be something which just sits and waits until I connect and input the password. And then the "real" SSH deamon kicks in.
I installed 10.10nbr on my wife's eee 901. Now she cannot remember her password. I've tried booting to recovery to use the passwd command, but that does not work. I believe I encrypted the home folder when I installed. Normally if I don't encrypt home, then I enable auto-login.
I'm running Thunderbird with Enigmail, and I have this very annoying problem. When I open an encrypted email for the first time, it asks me for my key password. It then remembers my password. This is fine for a few minutes, since I don't want to enter the password every time if I look at seven emails in five minutes. However, I WOULD like it to EVENTUALLY forget. At the moment, it doesn't even forget if I shut off Thunderbird. I have to restart my computer, in fact.
The preferences for Enigmail don't help. I've configured it to remember the password for 0 minutes, for example. I don't know how to edit the preferences for gpg-agent or anything else like that.
When I first installed 9.04 (from scratch), I chose the option to have my entire account encrypted... I used the same password as my login password, and wrote down the key hash that it displayed for me just like instructed... everything was working terrific...Well, yesterday, I wanted to change my account password. I changed my account password, and it took effect immediately (I tested it by using "sudo -s" to see if I could elevate to root from the terminal... worked just fine). Being satisfied with my new password, I shut my computer down...
The next time I started it up and tried to log in to my account, it I put in my username and password and pressed enter, and it accepted it just fine, and started to boot to my desktop... it then immediately prompted me with something about "your session lasted less than 10 seconds, try starting in failsafe mode" or something along those lines, and immediately booted me out and back to the gdm login screen... I thought it was just a glitch so I tried again... same thing... gave me the "less than 10 seconds" prompt and booted me back to the gdm...
I thought maybe my filesystem became corrupted, but I didn't give up... I attempted to login to my fiancee's account, and it worked just fine! Using her account, I was able to quickly and safely boot into her desktop environment with no errors...I opened a terminal and used the "su" command to access my account... When I did this, it gave me some kind of error and told me to run ecryptfs (can't remember exactly which command... now). I ran ecryptfs and put in my NEW password... it told me that the passphrase was incorrect. So just out of curiosity, I ran it again, and this time put in my OLD passphrase, and it worked immediately! At this point, I realized that my gdm login password got changed, but my ecryptfs passphrase did not, and the two were not matching up (I assume that on login, gdm passes this password on to ecryptfs, and that when the two did not match up, it was booting me out with the whole "session lasted less than 10 seconds" prompt...)...
So what I did at this point was, while logged into my girlfriend's account, I "su"'d into my account, and used the passwd command to change my password back to my OLD password... once the password was changed back successfully, I restarted my computer and tried to log into my account from the gdm... worked perfectly this time with the old (original) password...When you change your session password, shouldn't it automatically change the encyrption password to match? Or at the very least, warn you that if your account is encrypted, you must take further steps to make these two passphrases match? Also, what command would I use to change my "ecryptfs" password to manually match my session password?
I remember that some time ago I found a guide on the Ubuntu website about adding samba shares to mount at boot via /etc/fstab. The guide also mentioned using a credentials file to store the username and password.
However, the password was encrypted (in md5 I think) and it could not be read directly, but it still worked with fstab mount. If I remember correctly, the file contents were similar to this:
Code: useraname = user password = --md5
where was replaced by the encoded password. All was done in terminal. Recently I changed computers, and re-installed Ubuntu, but I forgot to save that file so I am not sure about the contents. I would like to know how to do this again, but I can't find the guide anymore. Does anyone know how to do this? Storing the password in plain text in file readable only by root is not acceptable because it can be read by someone mounting the drive from other operating system, and the share cannot be mounted/unmounted by regular users (which is possible with the md5 encrypted password).
I've created encryption systems on servers, but nearly always I have stored the password somewhere on the machine itself. The file is always 0600 to the relevant user, but a systematic analysis of my system could easily find the scripts that invoke decryption and discover the password. (The most blatant example of this is mounting SMB shares with the "-o credential_file" option where both the username and password are plain-text. In the cases where I've used this, the security of the share hasn't particularly mattered.)
Soon I might be faced with storing "patient health information" (PHI in the healthcare world) whose privacy is heavily regulated by the provisions of the US law called HIPAA. I've been thinking about creating an encrypted partition to hold the PHI, but I need a highly fault-tolerant method for obtaining the key from a different machine than tha server itself. At first, I thought about running a script using scp and shared keys to copy the key from the remote, use it to decrypt the partition, then erase it. I'd like to be able to do this with a pipe; otherwise I'll write the key in a non-persistent location like /dev/shm.
I need more than one machine to make this work to ensure I can obtain the key when needed (like at boot). One solution is to place copies of the key on multiple servers and try each of them until I find it. A more elegant solution would place the key in a DNS TXT record. I suspect I could use LDAP for this as well, but OpenLDAP and I have never really been on speaking terms. So does this make sense? I presume I can write a bash script to do all this at boot. Most of what will be stored in this partition is the PostgreSQL database in /var/lib/pgsql and perhaps some other files.
My understanding of encrypted file systems is that they are only encrypted when unmounted. When mounted they must be as visible to the operating system as an unencrypted partition. I suppose you could apply encryption to every single disk transaction, but that would require knowing the key all the time, and would seem to add a lot of overhead.
So in an environment where I have 40+ sets of completely unique sets of logon credentials. The only way I've been able to manage this is by keeping them in a hidden and heavily encrypted text file in my home dir.Would like to hear alternatives to this approach if there are any, BTW. Right now I have a script that automates the process of un-encrypting the file, launching an editor and then clean-up with shred -u after editing and re-encrypting.
What bugs me is the interim where I have the file in an un-encrypted state on my drive. It doesn't seem necessary. I have a view script that allows me to see what's in the file without saving it to the drive.
I just installed CentOS 5.4 (x86_64) and I encrypted my /home /var /tmp and /mnt/Storage partitions, along with my swap partition. My only complaint is that when I boot, I have to enter my password 4 times, and I did not pick a short password. The password is the same for all 4 partitions. Is there anyway I can set things up so I can just type my password once? Once I get everything set up, I won't be booting that often, but right now it is a PIA.
I have F10 installed on my laptop with disk encryption enabled. When I boot the machine I get a "Password:" request on screen but can't start typing for 30 seconds or more.Presumably the OS is not ready. This means I have to wait at the keyboard tapping a key until I see asterix. It's a waste of time and frankly a bit clunky for a modern OS. How can I change the behaviour so that the "Password:" request only appears when I can actually type?
I just upgraded from F14 to F15 and have a problem with entering the password for the encrypted FS: when booting with the latest entry in the bootloader:
I have installed debian 6 on two of my laptops. During installation I chose to encrypt my partitions (swap, root and home). Now I find it annoying that during boot up I'm asked for password, for each of these partions seperately. I have given same password for all three of them. How can I make the system ask for the password only once. I know it can be done because on fedora it was like that before.
I have installed fedora 11 in my system. While installing it asked me encrypted password which i passed. But I forgot that. Now the problem is whenever i boot my system before going to root itself it is asking for volume encrypted password, which as i told you i have forgot. Now i am not able to access my hard disk since it is completely locked. Is there any way to decrypt the password or unlock it. Or if that is not possible can data be recovered,which is my primary requirement..
I have installed fedora 11 in my system. While installing it asked me encrypted password which i passed. But I forgot that. Now the problem is whenever i boot my system before going to root itself it is asking for volume encrypted password, which as i told you i have forgot. Now i am not able to access my hard disk since it is completely locked. Is there any way to decrypt the password or unlock it. Or if that is not possible can data be recovered,which is my primary requirement..
I followed this tutorial to encrypt my entire installation: SDB:Encrypted root file system - openSUSE
It worked splendidly and whoever wrote it should get a lifetime supply of beer. After I got the install encrypted I made a RAID 1 array of 2 1GB disks and encrypted that as well. They are used for a data repository.