Encrypting your home directory using LUKS on Debian/Ubuntu | Feeding the Cloud
<a href="https://creativecommons.org/licenses/by-sa/4.0/">Creative Commons Attribution-ShareAlike 4.0 International License</a>
https://feeding.cloud.geek.nz/posts/encrypting-your-home-directory-using/ | Feeding the Cloud | ikiwiki | 2020-10-30T21:58:28Z
https://feeding.cloud.geek.nz/posts/encrypting-your-home-directory-using/comment_1_76930720d1e99e2b28135ee1a829948b/ | Anonymous | 2012-11-04T04:30:26Z | 2008-05-24T09:02:00Z
You forgot one important step: Wipe the temporary partition after you copied your /home content back. Otherwise a thief could still get at your old /home contents on that partition.
https://feeding.cloud.geek.nz/posts/encrypting-your-home-directory-using/comment_2_b2786d7a5bcefc83bb2f6ac1c2fb6f0e/ | Anonymous | 2012-11-04T04:30:26Z | 2008-05-24T09:24:00Z
You might want to use a different tool to remove the temporary home dir copy, e.g. wipe -r -f -q homedircopy
https://feeding.cloud.geek.nz/posts/encrypting-your-home-directory-using/comment_4_21f15f8f5239c88155985b4b8dcd6d0b/ | flithm | 2012-11-04T04:30:26Z | 2008-05-24T11:07:00Z
What does this mean for disaster recovery situations? What do I need to put on a USB key and into a lock box in order to recover the data, and how exactly is it done?
https://feeding.cloud.geek.nz/posts/encrypting-your-home-directory-using/comment_6_dd7c06dcbf5457940649839595acfff1/ | dozykraut | 2012-11-04T04:30:26Z | 2008-05-24T12:42:00Z
<p>Why not start with basics:<br />
1. Set a strong BIOS password<br />
2. Disable (in BIOS) booting from removable media<br />
3. Set a global GRUB password, so ALL options in menulist require a password.</p>
<p>The ordinary thief will already pass after encountering those obstacles.</p>
<p>Then encrypt your home partition.</p>
<p>Regards<br />
The Dozy Kraut</p>
https://feeding.cloud.geek.nz/posts/encrypting-your-home-directory-using/comment_7_e8a510460d8c219fa12128afd8cf9710/ | Berto | 2012-11-04T04:30:26Z | 2008-05-24T14:05:00Z
You can also use <a href="http://blogs.igalia.com/mario/2008/03/08/automatically-mounting-luks-encrypted-partitions-with-pam_mount/">libpam-mount</a> to make things easier :-)
https://feeding.cloud.geek.nz/posts/encrypting-your-home-directory-using/comment_8_9011dd82e9eefc48e9a1e4aec3bc3f80/ | Jon Dowland | 2012-11-04T04:30:26Z | 2008-05-24T14:11:00Z
Why not encrypt the temporary partition too, to prevent you having to hope wipe/shred etc. are thorough enough? Also a tarpipe ((cd /home/foo; tar c . ) | ( cd /tmp/foo; tar x )) or rsync would be better than cp -a (and cp -a /home/foo /tmp/foo would be better than the glob which could expand to too many arguments for the command line and will exclude dotfiles)
https://feeding.cloud.geek.nz/posts/encrypting-your-home-directory-using/comment_10_8065af72d9616192dd47eb924a61d8d5/ | Jan Wagner | 2012-11-04T04:30:26Z | 2008-05-24T15:08:00Z
You should think about encrypting /tmp, /var/tmp and swap too, since there may be sensitive data even if the machine is switched off.
https://feeding.cloud.geek.nz/posts/encrypting-your-home-directory-using/comment_11_62228acffb5b64cb372b260d03294adc/ | Kai Hendry | 2012-11-04T04:30:26Z | 2008-05-25T16:31:00Z
After <a href="http://dabase.com/e/01202/">unsuccessfully trying encryption on an LVM partition</a>, I think it's safer to do a loopback strategy.
LUKS key | https://feeding.cloud.geek.nz/posts/encrypting-your-home-directory-using/comment_12_abdd8124a6af058ad8500bafa47dcc9e/ | julio | 2018-01-05T20:38:30Z | 2017-12-04T23:46:28Z
<p>Good post and good comments.
I was wondering about the passphrase LUKS requires to decrypt.</p>
<p>Where should I set it up to decrypt files upon user login?</p>
<p>Thanks!</p>
Unmounting /home | https://feeding.cloud.geek.nz/posts/encrypting-your-home-directory-using/comment_13_466daae3810506ee699b1b4c421d866a/ | jamesob | 2020-02-17T20:19:25Z | 2020-02-17T19:58:45Z
If you get errors during <code>umount /home</code>, you may need to end your graphical shell and log in as root before mounting /home. On Debian, e.g., you can do this by pressing CTRL+ALT+F{1,2,3,4} at a graphical login prompt before logging in as a regular user, and then logging in as <code>root</code> from there. This way, <code>lsof /home</code> should return nothing and you should be able to unmount /home without error.
comment 14 | https://feeding.cloud.geek.nz/posts/encrypting-your-home-directory-using/comment_11_faa30b967d333be1b081f48059431007/ | Anonyme | 2020-10-30T21:56:54Z | 2020-10-30T20:38:10Z
Thanks for the info, but where do you enter the password when using this method?
Re: comment 14 | https://feeding.cloud.geek.nz/posts/encrypting-your-home-directory-using/comment_12_f97b9af438b6098eaeefed07c93965ca/ | francois | 2020-10-30T21:58:28Z | 2020-10-30T21:58:19Z
<blockquote><p>Thanks for the info, but where do you enter the password when using this method?</p></blockquote>
<p>As long as your home directory is mounted automatically via <code>/etc/fstab</code>, you should be prompted for the password at boot time.</p>