特殊:Badtitle/NS100:EncryptedFilesystemHowtoEdgy
文章出处: |
{{#if: | {{{2}}} | https://help.ubuntu.com/community/EncryptedFilesystemHowtoEdgy }} |
点击翻译: |
English {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/af | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|Afrikaans| [[::EncryptedFilesystemHowtoEdgy/af|Afrikaans]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/ar | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|العربية| [[::EncryptedFilesystemHowtoEdgy/ar|العربية]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/az | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|azərbaycanca| [[::EncryptedFilesystemHowtoEdgy/az|azərbaycanca]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/bcc | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|جهلسری بلوچی| [[::EncryptedFilesystemHowtoEdgy/bcc|جهلسری بلوچی]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/bg | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|български| [[::EncryptedFilesystemHowtoEdgy/bg|български]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/br | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|brezhoneg| [[::EncryptedFilesystemHowtoEdgy/br|brezhoneg]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/ca | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|català| [[::EncryptedFilesystemHowtoEdgy/ca|català]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/cs | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|čeština| [[::EncryptedFilesystemHowtoEdgy/cs|čeština]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/de | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|Deutsch| [[::EncryptedFilesystemHowtoEdgy/de|Deutsch]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/el | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|Ελληνικά| [[::EncryptedFilesystemHowtoEdgy/el|Ελληνικά]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/es | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|español| [[::EncryptedFilesystemHowtoEdgy/es|español]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/fa | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|فارسی| [[::EncryptedFilesystemHowtoEdgy/fa|فارسی]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/fi | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|suomi| [[::EncryptedFilesystemHowtoEdgy/fi|suomi]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/fr | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|français| [[::EncryptedFilesystemHowtoEdgy/fr|français]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/gu | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|ગુજરાતી| [[::EncryptedFilesystemHowtoEdgy/gu|ગુજરાતી]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/he | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|עברית| [[::EncryptedFilesystemHowtoEdgy/he|עברית]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/hu | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|magyar| [[::EncryptedFilesystemHowtoEdgy/hu|magyar]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/id | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|Bahasa Indonesia| [[::EncryptedFilesystemHowtoEdgy/id|Bahasa Indonesia]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/it | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|italiano| [[::EncryptedFilesystemHowtoEdgy/it|italiano]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/ja | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|日本語| [[::EncryptedFilesystemHowtoEdgy/ja|日本語]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/ko | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|한국어| [[::EncryptedFilesystemHowtoEdgy/ko|한국어]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/ksh | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|Ripoarisch| [[::EncryptedFilesystemHowtoEdgy/ksh|Ripoarisch]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/mr | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|मराठी| [[::EncryptedFilesystemHowtoEdgy/mr|मराठी]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/ms | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|Bahasa Melayu| [[::EncryptedFilesystemHowtoEdgy/ms|Bahasa Melayu]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/nl | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|Nederlands| [[::EncryptedFilesystemHowtoEdgy/nl|Nederlands]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/no | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|norsk| [[::EncryptedFilesystemHowtoEdgy/no|norsk]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/oc | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|occitan| [[::EncryptedFilesystemHowtoEdgy/oc|occitan]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/pl | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|polski| [[::EncryptedFilesystemHowtoEdgy/pl|polski]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/pt | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|português| [[::EncryptedFilesystemHowtoEdgy/pt|português]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/ro | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|română| [[::EncryptedFilesystemHowtoEdgy/ro|română]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/ru | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|русский| [[::EncryptedFilesystemHowtoEdgy/ru|русский]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/si | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|සිංහල| [[::EncryptedFilesystemHowtoEdgy/si|සිංහල]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/sq | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|shqip| [[::EncryptedFilesystemHowtoEdgy/sq|shqip]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/sr | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|српски / srpski| [[::EncryptedFilesystemHowtoEdgy/sr|српски / srpski]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/sv | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|svenska| [[::EncryptedFilesystemHowtoEdgy/sv|svenska]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/th | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|ไทย| [[::EncryptedFilesystemHowtoEdgy/th|ไทย]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/tr | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|Türkçe| [[::EncryptedFilesystemHowtoEdgy/tr|Türkçe]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/vi | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|Tiếng Việt| [[::EncryptedFilesystemHowtoEdgy/vi|Tiếng Việt]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/yue | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|粵語| [[::EncryptedFilesystemHowtoEdgy/yue|粵語]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/zh | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|中文| [[::EncryptedFilesystemHowtoEdgy/zh|中文]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/zh-hans | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|中文(简体)| [[::EncryptedFilesystemHowtoEdgy/zh-hans|中文(简体)]]}}|}} {{#ifexist: {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy | UbuntuHelp:EncryptedFilesystemHowtoEdgy | {{#if: | :}}EncryptedFilesystemHowtoEdgy}}/zh-hant | • {{#if: UbuntuHelp:EncryptedFilesystemHowtoEdgy|中文(繁體)| [[::EncryptedFilesystemHowtoEdgy/zh-hant|中文(繁體)]]}}|}} |
{{#ifeq:UbuntuHelp:EncryptedFilesystemHowtoEdgy|:EncryptedFilesystemHowtoEdgy|请不要直接编辑翻译本页,本页将定期与来源同步。}} |
{{#ifexist: :EncryptedFilesystemHowtoEdgy/zh | | {{#ifexist: EncryptedFilesystemHowtoEdgy/zh | | {{#ifeq: {{#titleparts:EncryptedFilesystemHowtoEdgy|1|-1|}} | zh | | }} }} }} {{#ifeq: {{#titleparts:EncryptedFilesystemHowtoEdgy|1|-1|}} | zh | | }}
As I found no decent HowTo for root encryption using the Edgy RC I will collect my experiences here, so others can build on them and improve this HowTo. This shares large parts with other HowTos for DapperDrake. It has been a day now and I didn't bother to write down everything. This is a first draft from the top of my head. I will try this later today and correct all mistakes. DON'T USE THIS YET!
Preamble
I use a Thinkpad T43 for everything I do. (Though nothing described here should be dependent on that.) My setup until now was an encrypted home partition and encrypted swap using cryptsetup-LUKS. If you follow this howto you should end up with:
- An unencrypted /boot partition containing all your kernels, their respective initramfs' and your grub config
- An encrypted partition which will be mounted as /
- One (or more) partition(s) to hold your users personal data
I assume you are familiar with the command line and Ubuntu/Debian in general, thus I will not elaborate every step in detail. ...and make sure you try 'man' if you don't understand something or want to know more, e.g. about crypttab.
System Installation
Install Edgy Eft on the target System. My scenario assumes a 100GB hard disk (/dev/sdb).
- Create 4 partitions.
i. sdb1, 500MB, fs: ext3, mountpoint: /boot (This will stay /boot) i. sdb2, 1500MB, fs: linux-swap (This will be our encrypted swap partition) i. sdb3, 15GB, fs ext3, mountpoint: none (This will be our encrypted root partition, keep it out of the way for now) i. sdb4, 73GB, fs ext3, mountpoint: / (This will be our encrypted /home. We will install our system here temporarily)
- Finish the installation until you sit in front of a clean system.
Cryptroot
- Install all necessary software (you might have to enable universe/multiverse):
apt-get install cryptsetup libpam-mount initramfs-tools
- Clean out our future encrypted / partition
- Fill your future cryptroot with random data:
sudo dd if=/dev/random of=/dev/sdb3
- Use luksformat to create an encrypted filesystem on /dev/sdb3:
luksformat -t ext3 /dev/sdb3
(Just follow the instructions. Use a good password!) - Add cryptroot to /etc/crypttab (This should not be necessary IMHO, because the initramfs will mount it as such, but I think without this something didn't work)
- Fill your future cryptroot with random data:
kbarrett: I needed to add the following modules to the edgy kernel to get luksformat to work at this point:
- sudo modprobe dm_crypt
- sudo modprobe sha256
- sudo modprobe aes_i586
Then I created a /etc/mkinitramfs directory,and added these module names to /etc/mkintramfs/modules and ran:
- sudo update-initramfs -u ALL
end edit
sudo echo "cryptroot /dev/sdb3 none luks,cipher=aes-cbc-essiv:sha256" > /etc/crypttab
- While we're at it, we can also add our cryptswap
sudo echo "cryptswap /dev/sdb2 /dev/random swap" >> /etc/crypttab
- Replace the entry for / from /etc/fstab with something for our cryptroot
/dev/mapper/cryptroot / ext3 defaults,errors=remount-ro 0 1
- Replace the entry for the swap partition from /etc/fstab with something for our cryptswap
/dev/mapper/cryptswap none swap sw 0 0
kbarrett: When I edited /etc/fstab, I needed to dump back to the old style version, and specified actual partition devices, and commented out the LVM stuff.
It might be possible to use the LVM volume names, but then this whole howto would need to be altered to match that.
end edit
- Switch off all swap:
sudo swapoff -a
- Fill your future cryptoswap with random data:
sudo dd if=/dev/random of=/dev/sdb2
- You can try your new cryptdisks by issuing '
sudo /etc/init.d/cryptdisks start
'. You should be prompted for the password for your cryptroot. - Enable cryptswap:
sudo swapon -a
- Mount cryptroot:
mkdir /tmp/cryptroot && sudo mount /dev/mapper/cryptroot /tmp/cryptroot
- Copy your root content over:
sudo cp -avx / /tmp/cryptroot
- Now that everything should be in place, regenerate the initramfs:
sudo update-initramfs -u ALL
- (You might want to check if the cryptsetup and dmsetup tools are in there. I think the verbose mode for update-initramfs is broken...)
- You should by now be ready to take your new cryptroot for a test drive
- Read ALL these sub instructions first!
- Reboot your system and interrupt grub
- Edit the kernel command line to point to the new cryptoroot and remove 'splash':
kernel /vmlinuz-2.6.17-10-generic root=/dev/mapper/sdb3 ro quiet
- Enter your cryptroot password. (Now here's a thing: THE KEYBOARD LAYOUT IS ENGLISH! This one nearly got me mad...)
- (It should also be possible to read a key-file from a USB-key and such...)
- The system should boot up fine
kbarrett: I used an alternate method that did not require interrupting grub:
- sudo vi /boot/grub/menu.lst
- then copy the kernel line from the 2.6.17-10-generic boot stanza over the kernel line in the recovery mode stanza, and rename it from recovery to cleartext root. This will give you a way back in if everything blows up on you.
- Then I replaced the main stanza kernel line with:
- kernel /vmlinuz-2.6.17-10-generic root=/dev/mapper/cryptroot ro quiet
Using this instead of specifying the partition allows you to specify your cryptoroot in /etc/crypttab ... a better solution, IMO. The last thing you need to do is alter the #kopt root= line to point at cryptroot, so you don't get screwed up when some script runs update-grub on you.
end edit
- Check if cryptswap is active:
cat /proc/swaps
- Everything should work, now we'll set up pam-mount
- Check if cryptswap is active:
pam-mount: Crypthomes for the masses
I like the idea of this one. It mounts your encrypted user home the instant you try to log in using your user password as the key (You have a good password, don't cha?). We have installed it already, so theres not much left to do but configure it.
- Overwrite our old root partition with random data:
sudo dd if=/dev/random of=/dev/sdb4
- Create an encrypted filesystem on our old root (/dev/sdb4) and make sure you use the same password as your login password:
sudo luksformat -t ext3 /dev/sdb4
- Mount the cryptdisk and give it to the user (e.g robert):
sudo cryptsetup luksOpen /dev/sdb4 crypthome
mkdir /tmp/crypthome && sudo mount /dev/mapper/crypthome /tmp/crypthome
- kbarrett: You need to copy your home directory over now.
- sudo cp -avx /home/robert/* /tmp/crypthome
sudo chown -R robert:robert /tmp/crypthome
sudo umount /tmp/crypthome
sudo cryptsetup luksClose crypthome
- Add an entry for your user in
/etc/security/pam_mount.conf
. Assuming your username is 'robert' it should work like this:sudo echo "volume robert crypt - /dev/sdb4 /home/robert - - -" >> /etc/security/pam_mount.conf
- There might be smarter ways to do this pam-mount thing, I'm not an expert...
- Edit
/etc/pam.d/(login|gdm)
:sudo echo "@include common-pammount" >> /etc/pam.d/login
sudo echo "@include common-pammount" >> /etc/pam.d/gdm
- Restart gdm
- Login.