Comments on: Encrypted home and swap partition on Ubuntu 10.10 Maverick with auto logon http://gentoo-blog.de/ubuntu/encrypted-home-and-swap-partition-on-ubuntu-10-10-maverick-with-auto-logon/ The ultimate Gentoo Blog Fri, 11 May 2012 11:34:24 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: Cryptoswap – How-to use Ubuntu 10.10 Maverick from a bootable USB stick with encrypted swap « wwward http://gentoo-blog.de/ubuntu/encrypted-home-and-swap-partition-on-ubuntu-10-10-maverick-with-auto-logon/comment-page-1/#comment-377391 Cryptoswap – How-to use Ubuntu 10.10 Maverick from a bootable USB stick with encrypted swap « wwward Wed, 09 Feb 2011 06:15:01 +0000 http://gentoo-blog.de/uncategorized/#comment-377391 [...] Encrypted home and swap partition on Ubuntu 10.10 Maverick with auto logon [...] [...] Encrypted home and swap partition on Ubuntu 10.10 Maverick with auto logon [...]

]]> By: Simon http://gentoo-blog.de/ubuntu/encrypted-home-and-swap-partition-on-ubuntu-10-10-maverick-with-auto-logon/comment-page-1/#comment-359911 Simon Wed, 19 Jan 2011 09:37:28 +0000 http://gentoo-blog.de/uncategorized/#comment-359911 All the packages should be there if you already have an encrypted swap. You may still need libpam_mount if you want to mount the partition on system boot. If you suspend or hibernate your laptop someone could retrieve data from your swap partition if it is not encrypted. So if you just work through the swap bit of the tutorial it should be ok. All the packages should be there if you already have an encrypted swap. You may still need libpam_mount if you want to mount the partition on system boot. If you suspend or hibernate your laptop someone could retrieve data from your swap partition if it is not encrypted. So if you just work through the swap bit of the tutorial it should be ok.

]]> By: Dallman Ross http://gentoo-blog.de/ubuntu/encrypted-home-and-swap-partition-on-ubuntu-10-10-maverick-with-auto-logon/comment-page-1/#comment-346771 Dallman Ross Sat, 01 Jan 2011 23:30:08 +0000 http://gentoo-blog.de/uncategorized/#comment-346771 Okay, I went ahead and tried just the cryptswap part. It worked. Didn't need to install any packages. In /etc/fstab I named the thing "/dev/mapper/cryptswap1" (not just "cryptswap" on the end), because that's how I saw it in a setup that the Ubuntu installation routine had created. Much obliged. I don't quite grok the multiuser comments. I can switch to a second user, etc. I have a couple of questions. Three, actually. Or five. First, how did you choose 256 as the size for the blocks? What is "aes-cbc-essiv" as a cipher? Why is your partition apparently so gargantuan ("riesig") per your example output above? My 8-GB swap partition shows a much, much smaller result in the output from "status cryptoswap": 16002 sectors. I can't remember the fourth question. But the 5th is most important of all: what happens if I reorder my hard drive and what is now /dev/sda7[1] changes, but I don't think about that and reboot? Will my data be toast? I ask because I have all other partitions ID'd by UUID, but I can't do that with this swap partition (it seems to change at every reboot). [1] Mine really is also /dev/sda7, by coincidence. Oh, now I remember the fourth question. :-) In GParted the encrypted swap partition shows up with an ugly big red exclamation mark, because GParted apparently doesn't know what it is. And /dev/sda7 is missing from the output of blkid now, replaced with /dev/mapper/cryptoswap at the end. Well, okay, but that all seems kind of irritating to me. Thanks again for the cool tips. Okay, I went ahead and tried just the cryptswap part. It worked. Didn’t need to install any packages. In /etc/fstab I named the thing “/dev/mapper/cryptswap1″ (not just “cryptswap” on the end), because that’s how I saw it in a setup that the Ubuntu installation routine had created.

Much obliged. I don’t quite grok the multiuser comments. I can switch to a second user, etc.

I have a couple of questions. Three, actually. Or five. First, how did you choose 256 as the size for the blocks? What is “aes-cbc-essiv” as a cipher? Why is your partition apparently so gargantuan (“riesig”) per your example output above? My 8-GB swap partition shows a much, much smaller result in the output from “status cryptoswap”: 16002 sectors.

I can’t remember the fourth question. But the 5th is most important of all: what happens if I reorder my hard drive and what is now /dev/sda7[1] changes, but I don’t think about that and reboot? Will my data be toast? I ask because I have all other partitions ID’d by UUID, but I can’t do that with this swap partition (it seems to change at every reboot).

[1] Mine really is also /dev/sda7, by coincidence.

Oh, now I remember the fourth question. :-) In GParted the encrypted swap partition shows up with an ugly big red exclamation mark, because GParted apparently doesn’t know what it is. And /dev/sda7 is missing from the output of blkid now, replaced with /dev/mapper/cryptoswap at the end. Well, okay, but that all seems kind of irritating to me.

Thanks again for the cool tips.

]]> By: Dallman Ross http://gentoo-blog.de/ubuntu/encrypted-home-and-swap-partition-on-ubuntu-10-10-maverick-with-auto-logon/comment-page-1/#comment-346681 Dallman Ross Sat, 01 Jan 2011 21:44:47 +0000 http://gentoo-blog.de/uncategorized/#comment-346681 Hi, sehr interessant für mich, dein swap-Eintrag. I'll switch to English now. I'm American but live in Wiesbaden. I built a new Maverick yesterday, 64-bit, but did not create a swap file with the installation. Later I added one manually. But in the installation I chose to encrypt $HOME. So now I have an encrypted $HOME but an unprotected swap. If I just do the first part of your tutorial, will it work to get me to an encrypted swap as well? Do I still need to install the packages you mention, or are they likely already there since I have $HOME encrypted? Best regards und ein frohes Neues Jahr[,] Dallman Hi,

sehr interessant für mich, dein swap-Eintrag.

I’ll switch to English now. I’m American but live in Wiesbaden.

I built a new Maverick yesterday, 64-bit, but did not create a swap file with the installation. Later I added one manually. But in the installation I chose to encrypt $HOME. So now I have an encrypted $HOME but an unprotected swap. If I just do the first part of your tutorial, will it work to get me to an encrypted swap as well? Do I still need to install the packages you mention, or are they likely already there since I have $HOME encrypted?

Best regards und ein frohes Neues Jahr[,]
Dallman

]]> By: HacKan http://gentoo-blog.de/ubuntu/encrypted-home-and-swap-partition-on-ubuntu-10-10-maverick-with-auto-logon/comment-page-1/#comment-323781 HacKan Wed, 24 Nov 2010 22:43:24 +0000 http://gentoo-blog.de/uncategorized/#comment-323781 hey, i tested it, and removing the "user" parameter in the volume line of the pam_mount.conf.xml file does allow multiuser login. BUT: 1- the password for the mount must be the same as for the user session 2- you can use different passwords for the volume, up to 8 with cryptsetup luksAddKey /dev/sdXY see here for more info: http://www.saout.de/tikiwiki/tiki-index.php?page=EncryptedDeviceUsingLUKS you can also limit groups or a range of uid's for the mount, see: man pam_mount.conf i tested it with 2 users, both with the same password and using only 1 password for the volume. but it should to work... i only have 1 user, so no need for this; but you could update your tutorial. reggards, hackan hey, i tested it, and removing the “user” parameter in the volume line of the pam_mount.conf.xml file does allow multiuser login.
BUT:
1- the password for the mount must be the same as for the user session
2- you can use different passwords for the volume, up to 8 with
cryptsetup luksAddKey /dev/sdXY
see here for more info: http://www.saout.de/tikiwiki/tiki-index.php?page=EncryptedDeviceUsingLUKS

you can also limit groups or a range of uid’s for the mount, see: man pam_mount.conf

i tested it with 2 users, both with the same password and using only 1 password for the volume. but it should to work… i only have 1 user, so no need for this; but you could update your tutorial.

reggards,
hackan

]]> By: HacKan http://gentoo-blog.de/ubuntu/encrypted-home-and-swap-partition-on-ubuntu-10-10-maverick-with-auto-logon/comment-page-1/#comment-323751 HacKan Wed, 24 Nov 2010 21:48:20 +0000 http://gentoo-blog.de/uncategorized/#comment-323751 well, for some strange reason, the address for the mentioned site disapeared o.O here it goes: http://ubuntuforums.org/showthread.php?t=483622 well, for some strange reason, the address for the mentioned site disapeared o.O
here it goes: http://ubuntuforums.org/showthread.php?t=483622

]]> By: HacKan http://gentoo-blog.de/ubuntu/encrypted-home-and-swap-partition-on-ubuntu-10-10-maverick-with-auto-logon/comment-page-1/#comment-323741 HacKan Wed, 24 Nov 2010 21:47:20 +0000 http://gentoo-blog.de/uncategorized/#comment-323741 Hey dude, great tutorial :D look, you said "The only downside i see with this setup is you can’t use it in a multi-user environment.", but in this site i found that in the pam_mount.conf.xml line they didn't specify a user, so it might be possible, that way, to use it in a multiuser env: tell me what you think reggards, HacKan Hey dude, great tutorial :D
look, you said “The only downside i see with this setup is you can’t use it in a multi-user environment.”, but in this site i found that in the pam_mount.conf.xml line they didn’t specify a user, so it might be possible, that way, to use it in a multiuser env:

tell me what you think

reggards,
HacKan

]]>