Encrypted Home Partition Automount Issue

Hey guys.

First off I’m new to the openSUSE community and would just like to say hi! :slight_smile:

So, to the issue at hand.

I recently switched to openSUSE 11.4 from Debian. I noticed the setup didn’t have an option to encrypt the home folder like it does in Debian, so not being aware of any other way to encrypt it, I created a new partition, backed up my current home directory, created a new partition and mounted it as home before copying in the contents of the backup to the encrypted home partition I created. Now of course it is asking me to put the crypto password in at each boot, which isn’t ideal because it’s a family machine and no-one would remember the password but me. Is there any way of being able to automount the encrypted partition without having to put the key in every time? Or better yet an encrypted home folder that doesn’t require the key to be put in on each login (as in Debian) without even using a dedicated partition.

Thanks! :wink:

-shiny

Hi,

sorry I don’t have the answer to this question.

I do ask myself, however, if that makes any sense: if the encrypted partition is automounted automatically at each boot, it might just as well not be encrypted?

HTH

Lenwolf

I think this is partly the distinction between an encrypted home directory and an encrypted home partition.

If you encrypt the home partition (as I do), then it cannot be mounted without the encryption key.

If you encrypt the home directory, that still needs an encryption key. I have no experience with doing this. But it is my understanding that a PAM module can use your login password to decrypt the home directory for the loopback mount. So you wouldn’t actually notice the need for a key, since just logging in would provide that.

I’m not sure if you can set up an encrypted home directory during install. The option is there when you create a new user. So I guess the trick is to give a dummy user name during install, then later add the user that you want to be, with encrypted home directory. And, once that is done, you can restore the file used in the loopback encryption to get back the former home directory contents (assuming that you use the same password as before).

On Sun, 24 Jul 2011 14:06:02 +0000, lenwolf wrote:

> I do ask myself, however, if that makes any sense: if the encrypted
> partition is automounted automatically at each boot, it might just as
> well not be encrypted?

If the system requires a password as well (at the BIOS or boot loader
level), then no, encrypting the partition and having it automount without
a password would have value - someone couldn’t take the hard drive out
and stick it in another system as a secondary drive and access the data.

Jim


Jim Henderson
openSUSE Forums Administrator

On 2011-07-24 11:46, Shinypaper wrote:
>
> Hey guys.
>
> First off I’m new to the openSUSE community and would just like to say
> hi! :slight_smile:

Hi :slight_smile:

> So, to the issue at hand.
>
> I recently switched to openSUSE 11.4 from Debian. I noticed the setup
> didn’t have an option to encrypt the home folder like it does in Debian, so
> not being aware of any other way to encrypt it, I created a new
> partition, backed up my current home directory, created a new partition
> and mounted it as home before copying in the contents of the backup to
> the encrypted home partition I created.

There is the option when creating a user in YaST to create an encrypted
home for that user. It is in fact an encrypted loop mounted file. Each user
can have its defined home space that way.

> Now of course it is asking me to
> put the crypto password in at each boot, which isn’t ideal because it’s
> a family machine and no-one would remember the password but me. Is there
> any way of being able to automount the encrypted partition without
> having to put the key in every time?

Nope. If you have an encrypted partition mounted during boot, there is no
way round but entering a passphrase. It could be hacked, I suppose, to
script it to read it from a keycard or something, but someone could steal
it. As good as plain, non-encrypted.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)