HOW TO: Encrypt /home and swap with ecryptfs in LMDE
Posted: Sun Jan 27, 2013 1:21 pm
Just a short tutorial here for those of you using LMDE who want to have an encrypted /home and swap without the bother of LVM or boot-time passwords.
One situation this may be useful for is if you install a laptop tracker such as Prey http://preyproject.com/ which depends on a thief being able to login to your stolen laptop as guest to trigger the tracking and picture capture capabilities.
In Ubuntu and Mint this is done with ecryptfs (note the lack of an 'n' in the name) and I have been successful doing this in LMDE on a fresh install.
WARNING WARNING WARNING
Have 2, yes 2, backups of your data before you try this - I chose to do this on a fresh install for space reasons. I then restored all my data from my 1st backup. My data is secure and I have a chance of recovering my stolen laptop in the future.
1. Install ecryptfs:
2. logout
3. ctrl+alt+f4 to switch to a virtual terminal
4. at the prompt login as 'root' and enter your user password
5. - where USER is the username you want to migrate to an encrypted home
6. Read the warnings and follow the instructions
7. For your swap partition (optional)
8. ctrl+alt+f7 to retrun to your graphical environment
9. login (hopefully)
10. To test I booted up a live disto and attempted to read my home directory - just dead links to two documents about encryption
The utility creates a backup of your data in the /home directory - you can remove this when you are sure all your data are there (space could be an issue for this if you choose not to do this with a fresh install)
Here are some useful links:
Prey laptop tracker: http://preyproject.com/
Ecryptfs homepage http://ecryptfs.org/
Ecryptfs goodness http://blog.dustinkirkland.com/2011/02/ ... yptfs.html - With thanks
Comments, corrections and criticism welcome...
The Monkey
One situation this may be useful for is if you install a laptop tracker such as Prey http://preyproject.com/ which depends on a thief being able to login to your stolen laptop as guest to trigger the tracking and picture capture capabilities.
In Ubuntu and Mint this is done with ecryptfs (note the lack of an 'n' in the name) and I have been successful doing this in LMDE on a fresh install.
WARNING WARNING WARNING
Have 2, yes 2, backups of your data before you try this - I chose to do this on a fresh install for space reasons. I then restored all my data from my 1st backup. My data is secure and I have a chance of recovering my stolen laptop in the future.
1. Install ecryptfs:
Code: Select all
sudo apt-get install ecryptfs-utils
3. ctrl+alt+f4 to switch to a virtual terminal
4. at the prompt login as 'root' and enter your user password
5.
Code: Select all
ecryptfs-migrate-home -u USER
6. Read the warnings and follow the instructions
7. For your swap partition (optional)
Code: Select all
ecryptfs-setup-swap
9. login (hopefully)
10. To test I booted up a live disto and attempted to read my home directory - just dead links to two documents about encryption
The utility creates a backup of your data in the /home directory - you can remove this when you are sure all your data are there (space could be an issue for this if you choose not to do this with a fresh install)
Here are some useful links:
Prey laptop tracker: http://preyproject.com/
Ecryptfs homepage http://ecryptfs.org/
Ecryptfs goodness http://blog.dustinkirkland.com/2011/02/ ... yptfs.html - With thanks
Comments, corrections and criticism welcome...
The Monkey