Welcome to the Linux Foundation Forum!
Lab 10.2 Debian 8 don't ask me any password
Santos82h
Posts: 8
Hello
I did the lab 10.2 just as it is explained but when I reboot my Debian 8 it don't ask any password for my swap partition.
This is what I did:
$ cat /proc/swaps
Filename Type Size Used Priority
/dev/sda5 partition 4193776 0 -1
$ sudo swapoff /dev/sda5
$ sudo cryptsetup luksFormat --cipher aes /dev/sda5
$ sudo cryptsetup luksOpen /dev/sda5 swapcrypt
$ sudo mkswap /dev/mapper/swapcrypt
$ sudo swapon /dev/mapper/swapcrypt
$ cat /proc/swaps
Filename Type Size Used Priority
/dev/dm-0 partition 265212 0 -1
$ sudo dmsetup info /dev/dm-0
Name: swapcrypt
State: ACTIVE
Read Ahead: 256
Tables present: LIVE
Open count: 2
Event number: 0
Major, minor: 254, 0
Number of targets: 1
UUID: CRYPT-PLAIN-swapcrypt
$ sudo nano /etc/crypttab
swapcrypt /dev/sda5 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256
$ sudo nano /etc/fstab
/dev/mapper/swapcrypt none swap defaults 0 0
$ sudo reboot
...
$ cat /proc/swaps
Filename Type Size Used Priority
/dev/dm-0 partition 265212 0 -1
$ cat /proc/meminfo | grep Swap
SwapCached: 0 kB
SwapTotal: 265212 kB
SwapFree: 265212 kB
Filename Type Size Used Priority
/dev/sda5 partition 4193776 0 -1
$ sudo swapoff /dev/sda5
$ sudo cryptsetup luksFormat --cipher aes /dev/sda5
$ sudo cryptsetup luksOpen /dev/sda5 swapcrypt
$ sudo mkswap /dev/mapper/swapcrypt
$ sudo swapon /dev/mapper/swapcrypt
$ cat /proc/swaps
Filename Type Size Used Priority
/dev/dm-0 partition 265212 0 -1
$ sudo dmsetup info /dev/dm-0
Name: swapcrypt
State: ACTIVE
Read Ahead: 256
Tables present: LIVE
Open count: 2
Event number: 0
Major, minor: 254, 0
Number of targets: 1
UUID: CRYPT-PLAIN-swapcrypt
$ sudo nano /etc/crypttab
swapcrypt /dev/sda5 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256
$ sudo nano /etc/fstab
/dev/mapper/swapcrypt none swap defaults 0 0
$ sudo reboot
...
$ cat /proc/swaps
Filename Type Size Used Priority
/dev/dm-0 partition 265212 0 -1
$ cat /proc/meminfo | grep Swap
SwapCached: 0 kB
SwapTotal: 265212 kB
SwapFree: 265212 kB
The pass is only asked when I did `sudo cryptsetup luksOpen /dev/sda5 swapcrypt` but no when debian reboot
0
Comments
What happened in Lab 10.1? Did it work or fail? I ask to know if the exercise is not working for Debian 8 and swap only. There uses to be some small differences between distros. In fact, look at this:
https://wiki.debian.org/TransparentEncryptionForHomeFolder
If you want to encrypt the swap partition too:
sudo apt-get install cryptsetup
sudo ecryptfs-setup-swap
Regards,
Luis.
Lab 10.1 was fine in debian 8. No problem there.
Also I did
sudo apt-get install cryptsetup
before trying lab 10.1 and 10.2
but ecryptfs-setup-swap not seen work:
$ sudo ecryptfs-setup-swap
sudo: ecryptfs-setup-swap: command not found
$ sudo apt-get install ecryptfs-setup-swap
Leyendo lista de paquetes... Hecho
Creando árbol de dependencias
Leyendo la información de estado... Hecho
E: No se ha podido localizar el paquete ecryptfs-setup-swap
The right package name is ecryptfs-utils. When you don't know the package name you can search here:
https://packages.debian.org
In this case you can search for 'package contents' and ecryptfs-setup-swap. And you will get an output like this:
File Packages
/usr/bin/ecryptfs-setup-swap ecryptfs-utils
So please install the package and try again.
Regards,
Luis.
now the problem is:
$ sudo ecryptfs-setup-swap
WARNING:
An encrypted swap is required to help ensure that encrypted files are not leaked to disk in an unencrypted format.
HOWEVER, THE SWAP ENCRYPTION CONFIGURATION PRODUCED BY THIS PROGRAM WILL BREAK HIBERNATE/RESUME ON THIS SYSTEM!
NOTE: Your suspend/resume capabilities will not be affected.
Do you want to proceed with encrypting your swap? [y/N]: y
INFO: Setting up swap: [/dev/sda5]
WARNING: Commented out your unencrypted swap from /etc/fstab
swapon: fallo de 'stat': /dev/mapper/cryptswap1): No existe el fichero o el directorio
:___
sounds like Linux did not want to mount and unecrypted swap partition. Before you encrypt you swap, thoroughly read the manpage for that encryption software and practice on a space swap to allow yourself to break it to learn.
Since the swap you have in /fstab is not encrypted, remove and run sudo ecryptfs-setup-swap again.
1) It may be related to an UUID change, as it happened to this guy here:
http://foro.ubuntu-guia.com/Como-hacer-que-LMDE-reconozca-la-SWAP-td3683054.html
2) Or it may be related to a bug:
https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/953875
So, please start with 1) and check what you have in /etc/fstab, confirm if the UUID is ok.
Regards,
Luis.