Results 1 to 7 of 7

Thread: encrypted \home - how to permanently remember password

  1. #1
    Join Date
    Sep 2010
    Location
    Poland
    Posts
    181

    Default encrypted \home - how to permanently remember password

    Hello

    I have fresh install of 13.2 on HP 250 G3 laptop.
    During installation I asked to encrypt separate \home partition
    Now every time I boot system, before logging to KDE, I'm asked to provide encryption password.
    I was hoping system would remember that.

    How can I permanently set this encryption password and where?
    I don't want to type 2 passwords every time I run computer.

    greetings
    Linux 4.12.14
    openSUSE Leap 15.0 - 64 bit
    KDE Plasma 5.12.15
    KDE Framework 5.44.0
    Qt - 5.9.4

  2. #2
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,754
    Blog Entries
    3

    Default Re: encrypted \home - how to permanently remember password

    You can put the password into a file (readable only by root), and put the file path into "/etc/crypttab".

    However, I'm not sure of the point of encryption if you do that.

    The reason I encrypt "/home", is that one of these days the disk will die or the computer will die. So I'll junk it. And, because it is encrypted, someone finding that disk at the junkyard won't be able to get sensitive information from it. It the password is in a file, the will probably be able to recover the data.

    You can always add a second encryption key (with "cryptsetup" run as root). Make that your login password. Then set your system up for automatic login. So you enter your password only once, though it happens to be for "/home" encryption rather than for login.

    Personally, I just deal with the two passwords. It's no big deal.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  3. #3
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: encrypted \home - how to permanently remember password

    On 2015-03-22 17:26, GazetaCypr wrote:
    >
    > Hello
    >
    > I have fresh install of 13.2 on HP 250 G3 laptop.
    > During installation I asked to encrypt separate \home partition
    > Now every time I boot system, before logging to KDE, I'm asked to
    > provide encryption password.
    > I was hoping system would remember that.


    That would be unwise.

    > How can I permanently set this encryption password and where?
    > I don't want to type 2 passwords every time I run computer.


    Well, you _must_ type both.

    The login password doesn't stop a thieve from reading your entire disk.
    The encryption phrase (should be long) does.

    What you can do is set the system to autologin. I'm unsure how that
    handles with encryption, though.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 13.1 x86_64 "Bottle" at Telcontar)

  4. #4
    Join Date
    Sep 2010
    Location
    Poland
    Posts
    181

    Default Re: encrypted \home - how to permanently remember password

    Thanks
    I can't autologin because I set up guest account so a 'guest' could use computer.
    Now without encryption password guest will not be able to login at all.
    And if I give encryption password to anybody then the point of encryption is missed. I could not encrypt at all.

    The reason for encryption was the same as nrickert.

    I was thinking of full encryption of entire disk but for some strange reason I could not encrypt root (system) disk formated with Btrsf.

    Can this file with password be in /home partition (encrypted) or it has to be in main partition / ?
    Linux 4.12.14
    openSUSE Leap 15.0 - 64 bit
    KDE Plasma 5.12.15
    KDE Framework 5.44.0
    Qt - 5.9.4

  5. #5
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,754
    Blog Entries
    3

    Default Re: encrypted \home - how to permanently remember password

    Quote Originally Posted by GazetaCypr View Post
    I was thinking of full encryption of entire disk but for some strange reason I could not encrypt root (system) disk formated with Btrsf.
    The easiest way to do that, is to setup an encrypted LVM.

    That's what I do. So root, "/hom" and swap are all logical volumes within the LVM, so encrypted. There's a separate "/boot" which is not encrypted but it doesn't contain anything particularly private (just kernels, boot code and "initrd" files).

    And if I give encryption password to anybody then the point of encryption is missed.

    That's the downside of encryption. You have to be there when the system boots.

    I keep my desktop up all the time, so it isn't a problem. Also, I'm the only user, though that's a minor point.

    On my work computer, I want it to be able to boot unattended. So I use encryption differently. I use randomly encrypted swap -- since it is randomly encrypted, no key is requested. The downside of that is that I cannot hibernate that system. I make sure "/tmp" is mounted from tmpfs, so that if anything in "/tmp" is written to a physical disk, it will be as encrypted swap. And I use an "ecryptfs" encrypted home directory. That's just my own home directory, not the full partition. The system boots without needing a key. When I login, then my home directory is automatically decrypted. (I did have to install "ecryptfs-utils" to be able to use this).

    I'm describing what I do, rather than telling you what you should do. You will have to decide that for yourself.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  6. #6
    Join Date
    Sep 2010
    Location
    Poland
    Posts
    181

    Default Re: encrypted \home - how to permanently remember password

    Is it, then, easy to return to non-encrypted /home ? Without installation?
    Because I'm thinking that it is not worth.
    Just a question...
    Linux 4.12.14
    openSUSE Leap 15.0 - 64 bit
    KDE Plasma 5.12.15
    KDE Framework 5.44.0
    Qt - 5.9.4

  7. #7
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,754
    Blog Entries
    3

    Default Re: encrypted \home - how to permanently remember password

    Quote Originally Posted by GazetaCypr View Post
    Is it, then, easy to return to non-encrypted /home ? Without installation?
    It depends on what you mean by "easy".

    Basic procedure:

    1. Backup "/home" to external media.
    2. Delete encrypted partition.
    3. create unencrypted "/home"
    4. Format, and restore from backup.


    You should logout first. You can do all of that with Yast command line, at a terminal login screen (switch to console mode rather than GUI mode). Alternatively, you can create an addition user, say "support" with home directory "/support" so that it is not part of "/home". Then login to the GUI as that user to make the changes.

    Or, if you are adept at the command line, just login as root and manually edit "/etc/fstab" and use "fdisk" or similar to change your partitioning.

    From command line:
    1. backup /home to external media (I would probably use "tar" or "dar" at the command line;
    2. delete "/etc/crypttab" or delete the one entry for that (after backup);
    3. umount /home
    4. edit "/etc/fstab" to directly mount "/home" without the crypto;
    5. use "mkfs" on the device to reformat the device for "/home" directly as "ext4" or whatever file system you want.
    6. mount /home
    7. restore from backup.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •