Welcome to the Linux Foundation Forum!

Lab 10.2 Debian 8 don't ask me any password

Santos82h
Santos82h Posts: 8
in LFS201 Class Forum

Hello

I did the lab 10.2 just as it is explained but when I reboot my Debian 8 it don't ask any password for my swap partition.

This is what I did:

$ cat /proc/swaps
Filename Type Size Used Priority
/dev/sda5 partition 4193776 0 -1
$ sudo swapoff /dev/sda5
$ sudo cryptsetup luksFormat --cipher aes /dev/sda5
$ sudo cryptsetup luksOpen /dev/sda5 swapcrypt
$ sudo mkswap /dev/mapper/swapcrypt
$ sudo swapon /dev/mapper/swapcrypt
$ cat /proc/swaps
Filename Type Size Used Priority
/dev/dm-0 partition 265212 0 -1
$ sudo dmsetup info /dev/dm-0
Name: swapcrypt
State: ACTIVE
Read Ahead: 256
Tables present: LIVE
Open count: 2
Event number: 0
Major, minor: 254, 0
Number of targets: 1
UUID: CRYPT-PLAIN-swapcrypt
$ sudo nano /etc/crypttab
swapcrypt /dev/sda5 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256
$ sudo nano /etc/fstab
/dev/mapper/swapcrypt none swap defaults 0 0
$ sudo reboot
...
$ cat /proc/swaps
Filename Type Size Used Priority
/dev/dm-0 partition 265212 0 -1
$ cat /proc/meminfo | grep Swap
SwapCached: 0 kB
SwapTotal: 265212 kB
SwapFree: 265212 kB


The pass is only asked when I did `sudo cryptsetup luksOpen /dev/sda5 swapcrypt` but no when debian reboot

Comments

  • luisviveropena
    luisviveropena Posts: 893
    Hi,

    What happened in Lab 10.1? Did it work or fail? I ask to know if the exercise is not working for Debian 8 and swap only. There uses to be some small differences between distros. In fact, look at this:

    https://wiki.debian.org/TransparentEncryptionForHomeFolder

    If you want to encrypt the swap partition too:

    sudo apt-get install cryptsetup
    sudo ecryptfs-setup-swap

    Regards,
    Luis.
  • Santos82h
    Santos82h Posts: 8
    Hi Luis

    Lab 10.1 was fine in debian 8. No problem there.

    Also I did

    sudo apt-get install cryptsetup

    before trying lab 10.1 and 10.2

    but ecryptfs-setup-swap not seen work:

    $ sudo ecryptfs-setup-swap
    sudo: ecryptfs-setup-swap: command not found
    $ sudo apt-get install ecryptfs-setup-swap
    Leyendo lista de paquetes... Hecho
    Creando árbol de dependencias
    Leyendo la información de estado... Hecho
    E: No se ha podido localizar el paquete ecryptfs-setup-swap
  • luisviveropena
    luisviveropena Posts: 893
    Hi,

    The right package name is ecryptfs-utils. When you don't know the package name you can search here:

    https://packages.debian.org

    In this case you can search for 'package contents' and ecryptfs-setup-swap. And you will get an output like this:


    File Packages
    /usr/bin/ecryptfs-setup-swap ecryptfs-utils

    So please install the package and try again.

    Regards,
    Luis.
  • Santos82h
    Santos82h Posts: 8
    Hello

    now the problem is:

    $ sudo ecryptfs-setup-swap

    WARNING:
    An encrypted swap is required to help ensure that encrypted files are not leaked to disk in an unencrypted format.

    HOWEVER, THE SWAP ENCRYPTION CONFIGURATION PRODUCED BY THIS PROGRAM WILL BREAK HIBERNATE/RESUME ON THIS SYSTEM!

    NOTE: Your suspend/resume capabilities will not be affected.

    Do you want to proceed with encrypting your swap? [y/N]: y

    INFO: Setting up swap: [/dev/sda5]
    WARNING: Commented out your unencrypted swap from /etc/fstab
    swapon: fallo de 'stat': /dev/mapper/cryptswap1): No existe el fichero o el directorio


    :___
  • saqman2060
    saqman2060 Posts: 777
    Santos82h wrote:
    Hello

    now the problem is:

    $ sudo ecryptfs-setup-swap

    WARNING:
    An encrypted swap is required to help ensure that encrypted files are not leaked to disk in an unencrypted format.

    HOWEVER, THE SWAP ENCRYPTION CONFIGURATION PRODUCED BY THIS PROGRAM WILL BREAK HIBERNATE/RESUME ON THIS SYSTEM!

    NOTE: Your suspend/resume capabilities will not be affected.

    Do you want to proceed with encrypting your swap? [y/N]: y

    INFO: Setting up swap: [/dev/sda5]
    WARNING: Commented out your unencrypted swap from /etc/fstab
    swapon: fallo de 'stat': /dev/mapper/cryptswap1): No existe el fichero o el directorio


    :___

    sounds like Linux did not want to mount and unecrypted swap partition. Before you encrypt you swap, thoroughly read the manpage for that encryption software and practice on a space swap to allow yourself to break it to learn.

    Since the swap you have in /fstab is not encrypted, remove and run sudo ecryptfs-setup-swap again.
  • luisviveropena
    luisviveropena Posts: 893
    Hi,

    1) It may be related to an UUID change, as it happened to this guy here:

    http://foro.ubuntu-guia.com/Como-hacer-que-LMDE-reconozca-la-SWAP-td3683054.html

    2) Or it may be related to a bug:

    https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/953875

    So, please start with 1) and check what you have in /etc/fstab, confirm if the UUID is ok.

    Regards,
    Luis.

Categories

Upcoming Training