encrypted \home - how to permanently remember password

Hello

I have fresh install of 13.2 on HP 250 G3 laptop.
During installation I asked to encrypt separate \home partition.
Now every time I boot system, before logging to KDE, I’m asked to provide encryption password.
I was hoping system would remember that.

How can I permanently set this encryption password and where?
I don’t want to type 2 passwords every time I run computer.

greetings

You can put the password into a file (readable only by root), and put the file path into “/etc/crypttab”.

However, I’m not sure of the point of encryption if you do that.

The reason I encrypt “/home”, is that one of these days the disk will die or the computer will die. So I’ll junk it. And, because it is encrypted, someone finding that disk at the junkyard won’t be able to get sensitive information from it. If the password is in a file, they will probably be able to recover the data.

You can always add a second encryption key (with “cryptsetup” run as root). Make that your login password. Then set your system up for automatic login. So you enter your password only once, though it happens to be for “/home” encryption rather than for login.

Personally, I just deal with the two passwords. It’s no big deal.

On 2015-03-22 17:26, GazetaCypr wrote:
>
> Hello
>
> I have fresh install of 13.2 on HP 250 G3 laptop.
> During installation I asked to encrypt separate \home partition
> Now every time I boot system, before logging to KDE, I’m asked to
> provide encryption password.
> I was hoping system would remember that.

That would be unwise.

> How can I permanently set this encryption password and where?
> I don’t want to type 2 passwords every time I run computer.

Well, you must type both.

The login password doesn’t stop a thief from reading your entire disk.
The encryption phrase (should be long) does.

What you can do is set the system to autologin. I’m unsure how that
handles with encryption, though.


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

Thanks
I can’t autologin because I set up guest account so a ‘guest’ could use computer.
Now without encryption password guest will not be able to login at all.
And if I give encryption password to anybody then the point of encryption is missed. I could not encrypt at all.

The reason for encryption was the same as nrickert.

I was thinking of full encryption of entire disk but for some strange reason I could not encrypt root (system) disk formatted with Btrfs.

Can this file with password be in /home partition (encrypted) or it has to be in main partition / ?

The easiest way to do that, is to setup an encrypted LVM.

That’s what I do. So root, “/home” and swap are all logical volumes within the LVM, so encrypted. There’s a separate “/boot” which is not encrypted but it doesn’t contain anything particularly private (just kernels, boot code and “initrd” files).

> And if I give encryption password to anybody then the point of encryption is missed.

That’s the downside of encryption. You have to be there when the system boots.

I keep my desktop up all the time, so it isn’t a problem. Also, I’m the only user, though that’s a minor point.

On my work computer, I want it to be able to boot unattended. So I use encryption differently. I use randomly encrypted swap – since it is randomly encrypted, no key is requested. The downside of that is that I cannot hibernate that system. I make sure “/tmp” is mounted from tmpfs, so that if anything in “/tmp” is written to a physical disk, it will be as encrypted swap. And I use an “ecryptfs” encrypted home directory. That’s just my own home directory, not the full partition. The system boots without needing a key. When I login, then my home directory is automatically decrypted. (I did have to install “ecryptfs-utils” to be able to use this).

I’m describing what I do, rather than telling you what you should do. You will have to decide that for yourself.
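The replies above mention three ways a volume in “/etc/crypttab” can get its key: a passphrase typed at boot, a key file readable only by root, and a random key for swap. The following is an added example, not part of any post in this thread: a small audit function that reports which of these each entry uses and whether a key file is accessible to group or other users. The function names, the sample entries and the `/dev/sdX` device names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how each crypttab entry gets its key.
#   prompt           passphrase asked at boot (key field empty, "none" or "-")
#   random           throwaway key from /dev/urandom or /dev/random (swap)
#   keyfile          key file exists; group and other have no access
#   keyfile-exposed  key file is accessible to group or other users
#   keyfile-missing  key file path does not exist
# Ownership is not checked here; only the group/other permission bits are.
classify_crypttab() {
    while read -r name device key opts || [ -n "$name" ]; do
        case "$name" in ''|'#'*) continue ;; esac
        case "$key" in
            ''|none|-) mode=prompt ;;
            /dev/urandom|/dev/random) mode=random ;;
            *)
                # Characters 5-10 of "ls -l" output are the group/other bits.
                perms=$(ls -ldL -- "$key" 2>/dev/null | cut -c5-10)
                case "$perms" in
                    '')     mode=keyfile-missing ;;
                    ------) mode=keyfile ;;
                    *)      mode=keyfile-exposed ;;
                esac ;;
        esac
        printf '%s %s\n' "$name" "$mode"
    done < "$1"
}

# Constructed sample so the script runs without touching the real file.
demo_classify() {
    dir=$(mktemp -d)
    printf 'secret\n' > "$dir/home.key"
    chmod 644 "$dir/home.key"        # deliberately too open
    cat > "$dir/crypttab" <<EOF
# name    device     key            options
cr_home   /dev/sdX3  none
cr_data   /dev/sdX4  $dir/home.key
cr_swap   /dev/sdX2  /dev/urandom   swap
EOF
    classify_crypttab "$dir/crypttab"
    rm -rf "$dir"
}
demo_classify
```

On a real system, run `classify_crypttab /etc/crypttab` as root so that the key file permissions can be read.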

Is it, then, easy to return to non-encrypted /home ? Without installation?
Because I’m thinking that it is not worth it.
Just a question…

It depends on what you mean by “easy”.

Basic procedure:

  1. Backup “/home” to external media.
  2. Delete encrypted partition.
  3. Create unencrypted “/home”
  4. Format, and restore from backup.

You should logout first. You can do all of that with Yast command line, at a terminal login screen (switch to console mode rather than GUI mode). Alternatively, you can create an additional user, say “support” with home directory “/support” so that it is not part of “/home”. Then login to the GUI as that user to make the changes.

Or, if you are adept at the command line, just login as root and manually edit “/etc/fstab” and use “fdisk” or similar to change your partitioning.

From command line:

  1. backup /home to external media (I would probably use “tar” or “dar” at the command line);
  2. delete “/etc/crypttab” or delete the one entry for that (after backup);
  3. umount /home
  4. edit “/etc/fstab” to directly mount “/home” without the crypto;
  5. use “mkfs” on the device to reformat the device for “/home” directly as “ext4” or whatever file system you want.
  6. mount /home
  7. restore from backup.
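Steps 2 and 4 of the command-line list are the two file edits, and they have to agree with each other. The following is an added example, not part of the post above: a function that writes edited copies of both files for review, leaving the originals untouched. It assumes the “/etc/fstab” line mounts the volume as `/dev/mapper/<name>`; the name `cr_home`, the `/dev/sdX3` device and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: prepare the crypttab and fstab edits (steps 2 and 4).
# drop_crypt_mapping NAME CRYPTTAB FSTAB
#   writes CRYPTTAB.new without the NAME entry,
#   writes FSTAB.new with /dev/mapper/NAME replaced by the underlying
#   device taken from the removed crypttab entry,
#   prints that device (the one step 5 would run mkfs on).
drop_crypt_mapping() {
    name=$1 crypttab=$2 fstab=$3
    # Second crypttab field is the underlying block device.
    dev=$(awk -v n="$name" '$1 == n { print $2; exit }' "$crypttab")
    [ -n "$dev" ] || { echo "no crypttab entry for $name" >&2; return 1; }
    # Keep every crypttab line except the one for NAME.
    awk -v n="$name" '$1 != n' "$crypttab" > "$crypttab.new"
    # Point the fstab line at the plain device; other fields stay as they are.
    awk -v m="/dev/mapper/$name" -v d="$dev" \
        '$1 == m { sub(/^[^ \t]+/, d) } { print }' "$fstab" > "$fstab.new"
    echo "$dev"
}

# Constructed sample files so the script runs without touching /etc.
demo_drop() {
    dir=$(mktemp -d)
    printf '%s\n' 'cr_home /dev/sdX3 none' \
                  'cr_swap /dev/sdX2 /dev/urandom swap' > "$dir/crypttab"
    printf '%s\n' '/dev/sdX1 / ext4 defaults 1 1' \
                  '/dev/mapper/cr_home /home ext4 defaults 1 2' > "$dir/fstab"
    drop_crypt_mapping cr_home "$dir/crypttab" "$dir/fstab"
    cat "$dir/crypttab.new" "$dir/fstab.new"
    rm -rf "$dir"
}
demo_drop
```

Compare the `.new` files with the originals before putting them in place, and only after the backup from step 1 has been verified.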