can't boot, encrypted drive - how to recover data ?

[Curious George]

This morning, one of my computers failed to boot, got the message

Code: Select all

Welcome to emergency mode!  After logging in, type "journalctl -xb" to view
system logs, "systemctl reboot" to reboot,"systemctl default" or ^D to
try again to boot into default mode.

Retried with various options, no luck. The computer is fairly old
(Dell OpiPlex GX620, c. 2012), and I was planning to replace it anyway.
But, it would be nice to recover the data. OS is Mint 18.3, installed in
early January. At that time I had, perhaps unfortunately, chosen to install
with data encryption.

I was able to boot with a Mint18.3 install USB, and was able to see the
drive partition on which the home directory was installed. However, the
drive was locked.

Trying

Code: Select all

mint@mint /media/mint $ ecryptfs-mount-private 

gave the error

Code: Select all

 ERROR: Encrypted private directory is not setup properly 

Any suggestions?

[catweazel]

Try these suggestions.

[Curious George]

Thanks, catweazel, for the suggestion. The link you provided linked to another page, viz.
https://www.howtogeek.com/116297/how-to ... on-ubuntu/,
which does provide some useful information,though a bit out-of-date. Following those instructions, I had to replace

Code: Select all

GKSU nautilus

with

Code: Select all

GKSU nemo

and was able to access the encrypted directory, but running

Code: Select all

ecryptfs-mount-private

returned

Code: Select all

ERROR: Encrypted private directory is not setup properly.

Perhaps there is damage to the disk itself. Oh well, in my case it is only a few days worth of data.

[WharfRat]

Is it full system encryption or just the home folder

Paste back sudo blkid from the live session.

[Curious George]

Just the home directory is encrypted. It resides on a separate partition (/dev/sda2). Here's the output of blkid:

Code: Select all

mint@mint ~ $ sudo blkid
/dev/sda1: UUID="b6658d00-f09a-4279-a7cb-deec1677eb56" TYPE="ext4" PTTYPE="dos" PARTUUID="0003a6e3-01"
/dev/sda2: UUID="ecbc2386-3a38-4fa5-9abc-27ba9af87342" TYPE="ext4" PARTUUID="0003a6e3-02"
/dev/loop0: TYPE="squashfs"
/dev/sda3: UUID="29bc432b-8137-4250-9846-30918198c429" TYPE="swap" PARTUUID="0003a6e3-03"
/dev/sdb1: UUID="2017-11-24-13-25-42-00" LABEL="Linux Mint 18.3 Cinnamon 64-bit" TYPE="iso9660" PTUUID="7da654e6" PTTYPE="dos" PARTUUID="7da654e6-01"
/dev/sdb2: SEC_TYPE="msdos" UUID="C8A5-5244" TYPE="vfat" PARTUUID="7da654e6-02"

[WharfRat]

Try following the instructions at viewtopic.php?t=134231#p720340

In your case you'll have to mount both the / and /home partitions so use

Code: Select all

sudo mount /dev/sdb1 /mnt
sudo mount /dev/sda2 /mnt/home

then follow the instructions under # Establish a proper chroot environment

[Curious George]

Thanks for the information. The following allowed me access to the encrypted directory for username "gheine":

Code: Select all

mint@mint ~ $ sudo mount -o bind /dev/shm /mnt/dev/shm/
mint@mint ~ $ sudo mount -o bind /proc /mnt/proc
mint@mint ~ $ sudo mount -o bind /sys /mnt/sys
mint@mint ~ $ sudo chroot /mnt
root@mint / #
root@mint / # su - gheine
Signature not found in user keyring
Perhaps try the interactive 'ecryptfs-mount-private'
gheine@mint ~ $ ecryptfs-add-passphrase --fnek
Passphrase:
Inserted auth tok with sig [dc8fca9f63094a8a] into the user session keyring
Inserted auth tok with sig [e2ce7c1effaecea9] into the user session keyring
gheine@mint ~ $ ecryptfs-mount-private
Enter your login passphrase:
Inserted auth tok with sig [ee1aab069e40f0d2] into the user session keyring
INFO: Your private directory has been mounted.
INFO: To see this change in your current shell:
  cd /home/gheine

However, I was unable to copy any of the data to the root filesystem (/dev/sda1):

Code: Select all

gheine@mint ~ $ sudo tar -cvf  /home_19feb2018.tar .
sudo: unable to resolve host mint: Connection refused
sudo: no tty present and no askpass program specified

and got the same errors when trying to copy to a mounted external drive.
I could try netcat or something similar to pass the data to another network host, but perhaps there is a simpler solution?

[WharfRat]

Did you mount /dev

I don't see that in your terminal paste

The first mount under # Establish a proper chroot environment is
sudo mount -o bind /dev /mnt/dev

You'll have to exit the chroot and start over.

[Curious George]

Did you mount /dev
I don't see that in your terminal paste

Actually, my terminal paste accidentally omitted the first three commands, namely:

Code: Select all

sudo mount /dev/sda1 /mnt
sudo mount /dev/sda2 /mnt/home
sudo mount -o bind /dev /mnt/dev

Trying to copy to a mounted filesystem (with sudo) still gives

Code: Select all

sudo: unable to resolve host mint: Connection refused
sudo: no tty present and no askpass program specified

I accidentally booted without the install mediium, and surprisingly, it was successful. Logged in, copied the entire home directory, and, for now at least, the problem is solved. However I did find your notes and the link very helpful; I will research the commands and keep on file in case a similar problem occurs in the future.