Lab 10.2 Debian 8 don't ask me any password

Santos82h

Hello

I did the lab 10.2 just as it is explained but when I reboot my Debian 8 it don't ask any password for my swap partition.

This is what I did:

$ cat /proc/swaps
Filename Type Size Used Priority
/dev/sda5 partition 4193776 0 -1
$ sudo swapoff /dev/sda5
$ sudo cryptsetup luksFormat --cipher aes /dev/sda5
$ sudo cryptsetup luksOpen /dev/sda5 swapcrypt
$ sudo mkswap /dev/mapper/swapcrypt
$ sudo swapon /dev/mapper/swapcrypt
$ cat /proc/swaps
Filename Type Size Used Priority
/dev/dm-0 partition 265212 0 -1
$ sudo dmsetup info /dev/dm-0
Name: swapcrypt
State: ACTIVE
Read Ahead: 256
Tables present: LIVE
Open count: 2
Event number: 0
Major, minor: 254, 0
Number of targets: 1
UUID: CRYPT-PLAIN-swapcrypt
$ sudo nano /etc/crypttab
swapcrypt /dev/sda5 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256
$ sudo nano /etc/fstab
/dev/mapper/swapcrypt none swap defaults 0 0
$ sudo reboot
...
$ cat /proc/swaps
Filename Type Size Used Priority
/dev/dm-0 partition 265212 0 -1
$ cat /proc/meminfo | grep Swap
SwapCached: 0 kB
SwapTotal: 265212 kB
SwapFree: 265212 kB

The pass is only asked when I did `sudo cryptsetup luksOpen /dev/sda5 swapcrypt` but no when debian reboot

luisviveropena

Hi,

What happened in Lab 10.1? Did it work or fail? I ask to know if the exercise is not working for Debian 8 and swap only. There uses to be some small differences between distros. In fact, look at this:

https://wiki.debian.org/TransparentEncryptionForHomeFolder

If you want to encrypt the swap partition too:

sudo apt-get install cryptsetup
sudo ecryptfs-setup-swap

Regards,
Luis.

Santos82h

Hi Luis

Lab 10.1 was fine in debian 8. No problem there.

Also I did

sudo apt-get install cryptsetup

before trying lab 10.1 and 10.2

but ecryptfs-setup-swap not seen work:

$ sudo ecryptfs-setup-swap
sudo: ecryptfs-setup-swap: command not found
$ sudo apt-get install ecryptfs-setup-swap
Leyendo lista de paquetes... Hecho
Creando árbol de dependencias
Leyendo la información de estado... Hecho
E: No se ha podido localizar el paquete ecryptfs-setup-swap

luisviveropena

Hi,

The right package name is ecryptfs-utils. When you don't know the package name you can search here:

https://packages.debian.org

In this case you can search for 'package contents' and ecryptfs-setup-swap. And you will get an output like this:


File Packages
/usr/bin/ecryptfs-setup-swap ecryptfs-utils

So please install the package and try again.

Regards,
Luis.

Santos82h

Hello

now the problem is:

$ sudo ecryptfs-setup-swap

WARNING:
An encrypted swap is required to help ensure that encrypted files are not leaked to disk in an unencrypted format.

HOWEVER, THE SWAP ENCRYPTION CONFIGURATION PRODUCED BY THIS PROGRAM WILL BREAK HIBERNATE/RESUME ON THIS SYSTEM!

NOTE: Your suspend/resume capabilities will not be affected.

Do you want to proceed with encrypting your swap? [y/N]: y

INFO: Setting up swap: [/dev/sda5]
WARNING: Commented out your unencrypted swap from /etc/fstab
swapon: fallo de 'stat': /dev/mapper/cryptswap1): No existe el fichero o el directorio


:___

saqman2060

Santos82h wrote:

Hello

now the problem is:

$ sudo ecryptfs-setup-swap

WARNING:
An encrypted swap is required to help ensure that encrypted files are not leaked to disk in an unencrypted format.

HOWEVER, THE SWAP ENCRYPTION CONFIGURATION PRODUCED BY THIS PROGRAM WILL BREAK HIBERNATE/RESUME ON THIS SYSTEM!

NOTE: Your suspend/resume capabilities will not be affected.

Do you want to proceed with encrypting your swap? [y/N]: y

INFO: Setting up swap: [/dev/sda5]
WARNING: Commented out your unencrypted swap from /etc/fstab
swapon: fallo de 'stat': /dev/mapper/cryptswap1): No existe el fichero o el directorio


:___

sounds like Linux did not want to mount and unecrypted swap partition. Before you encrypt you swap, thoroughly read the manpage for that encryption software and practice on a space swap to allow yourself to break it to learn.

Since the swap you have in /fstab is not encrypted, remove and run sudo ecryptfs-setup-swap again.

luisviveropena

Hi,

1) It may be related to an UUID change, as it happened to this guy here:

http://foro.ubuntu-guia.com/Como-hacer-que-LMDE-reconozca-la-SWAP-td3683054.html

2) Or it may be related to a bug:

https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/953875

So, please start with 1) and check what you have in /etc/fstab, confirm if the UUID is ok.

Regards,
Luis.