Small blog about system administration.

Encrypting your home directory on Debian Wheezy

First install the required package, ecryptfs-utils:
sudo apt-get install ecryptfs-utils
Then load the ecryptfs kernel module. Either reboot or run:
sudo modprobe ecryptfs
The user whose home directory you want to encrypt must NOT be logged in, so log the user off and run the following as root. (Do not log in as root in X; use a tty console instead, Ctrl + Alt + F1.)
You can check whether the user is still logged in with the command “ps -fu <username>”, which lists the processes running as that user.
Run as root:
ecryptfs-migrate-home -u <username>
When this is done, the user must log in before the computer is rebooted.
If the user can access the files in the user's home directory, you can remove the backup folder in /home/<username>.<random characters>
The user should also run this command to get the random encryption key and store it in a secure location (outside the encrypted home directory and not on the same machine) in case a recovery is needed.
ecryptfs-unwrap-passphrase
Note: This only encrypts your home folder. Your files may still be swapped out to the swap partition, where they will be unencrypted.
So to encrypt the swap we first need to install the package cryptsetup, which contains the tool cryptdisks, and then run ecryptfs-setup-swap:
sudo apt-get install cryptsetup
sudo ecryptfs-setup-swap
Note: Encrypting the swap makes you unable to hibernate your computer, but you can still suspend to RAM.
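
To verify the result once the user has logged in again, here is an added example (not part of the original post) that checks that /home/<username> is an ecryptfs mount and lists active swap areas that are not behind device-mapper. The function names and the optional file arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: post-migration checks. Paths default to the live /proc files;
# pass other files as trailing arguments to check captured output instead.

# Succeeds if /home/<user> is currently mounted with filesystem type ecryptfs.
# Assumes the home directory is /home/<user>, as in the post.
home_is_ecryptfs() {
    user=$1
    mounts=${2:-/proc/mounts}
    awk -v mp="/home/$user" \
        '$2 == mp && $3 == "ecryptfs" { found = 1 } END { exit !found }' "$mounts"
}

# Prints every active swap area that is not a device-mapper device.
# Such areas are certainly not covered by ecryptfs-setup-swap; a /dev/mapper
# or /dev/dm-* entry is only a hint, since device-mapper also backs plain LVM.
plain_swap_devices() {
    swaps=${1:-/proc/swaps}
    awk 'NR > 1 && $1 !~ /^\/dev\/(mapper\/|dm-)/ { print $1 }' "$swaps"
}

# Prints one verdict per check and returns non-zero if either check fails.
check_user() {
    user=$1; mounts=${2:-/proc/mounts}; swaps=${3:-/proc/swaps}; rc=0
    if home_is_ecryptfs "$user" "$mounts"; then
        echo "OK: /home/$user is an ecryptfs mount"
    else
        echo "FAIL: /home/$user is not an ecryptfs mount (is $user logged in?)"
        rc=1
    fi
    plain=$(plain_swap_devices "$swaps")
    if [ -n "$plain" ]; then
        echo "FAIL: swap not behind device-mapper: $plain"
        rc=1
    else
        echo "OK: no plain swap partitions or files active"
    fi
    return $rc
}

# Run against the live system when a username is given on the command line.
if [ -n "${1:-}" ]; then
    check_user "$1"
fi
```

Run it with the username as the only argument. Only remove the backup folder after the home directory check reports OK and the user has confirmed the files are readable.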
