Partition Encryption
Last Updated on Thursday, 10 December 2009 06:02
| Article Index |
|---|
| 1. Scenario |
| 2. Prerequisites |
| 3. Create Encrypted Partition |
| 4. Create Filesystem |
| 5. Edit pam_mount.conf |
| 6. Configure pam authentication |
| 7. Testing encrypted partition |
1. Scenario
In this Linux config we are going to create encrypted partition for user "linuxconfig" and use pam_mount to mount it under /home/linuxconfig directory. For this config we have used Debian Linux, however the very same principle for creating encrypted partitions can be applied also for any other Linux distributions such as SuSe, RedHat, Gentoo, Ubuntu.
2. Prerequisites
First and the most important one is to make sure that on partition on which you are going to encrypt, is empty. If you have some important data there move them NOW to some save place. When creating encrypted partition all data will be removed. Secondly we need to satisfied software prerequisite so you need to install packages for:
- cryptsetup ( Ubuntu, Debian package: cryptsetup )
- pam_mount ( Ubuntu, Debian package: libpam-mount )
3. Create Encrypted Partition
This command will create Encrypted partition /dev/sdb1 by formating it with LUKS Encryption:
# cryptsetup luksFormat /dev/sdb1
Open Encrypted partition:
This command will create an entry in /dev/mapper for sdb1 partition.
# cryptsetup luksOpen /dev/sdb1 sdb1
4. Create Filesystem
Now we can create filesystem as on any other partition. The only difference is that we create filesystem via mapper. If you try to create filesystem on /dev/sdb1 you will get this error message:
mke2fs 1.40-WIP (14-Nov-2006)
/dev/sdb1 is apparently in use by the system; will not make a filesystem here!
Instead we will use command:
# mkfs.ext3 /dev/mapper/sdb1
5. Edit pam_mount.conf
Because we want new encrypted partition to be mounted every time user "linuxconfig" log in we need to alter /etc/security/pam_mount.conf file and add this line:
volume linuxconfig crypt - /dev/sdb1 /home/linuxconfig - - -
6. Configure pam authentication
On Debian or Ubuntu system, you will need to edit two files:
/etc/pam.d/common-auth :
auth optional pam_mount.so
/etc/pam.d/common-session
session optional pam_mount.so
Please NOTE: Some distributions have only one file with both auth and session.
7. Testing encrypted partition
Let's try login as a "linuxconfig" user, please note that you will be prompted to enter password two times, first time it will be your UNIX password and second time it will be your passphrase for your encrypted partition:
Now we need to confirm that we are using our new encrypted partition:
Share this linux post:
Please visit our new Linux Forum for additional help or discussion.
| Linux eBooks FREE Download | ||||
|
|
|
|
|