[opensuse] enrypted swap without password?
Hi, I'd like to have an encrypted swap partition, but without asking me for a password when booting. I tried two different approaches: - http://en.opensuse.org/Encrypted_Root_File_System_with_SUSE_HOWTO did as described (in regard of swap), all worked fine, except that I had to enter the password when booting. So "undid" what I did, and - formatted swap with Yast as encrypted, left the password phrase dialog empty. This worked too, but I was still asked to enter the password and had to hit Newline to go on with booting. How can I have an encrypted swap with no intervention needed at boot time? Daniel -- Daniel Bauer photographer Basel Switzerland professional photography: http://www.daniel-bauer.com erotic art photos: http://www.bauer-nudes.com/en/linux.html Madagascar special: http://www.fotograf-basel.ch/madagascar/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Hi! Am Donnerstag 24 April 2008 schrieb Daniel Bauer:
I'd like to have an encrypted swap partition, but without asking me for a password when booting.
[...]
How can I have an encrypted swap with no intervention needed at boot time?
What would be the advantage of having it encrypted if it can be read without a password? You could however try to use a certificate instead of a password and store that certificate on a usb stick that you only plug into your computer for booting. Regards, Matthias -- Matthias Bach www.marix.org „Der einzige Weg, die Grenzen des Möglichen zu finden, ist ein klein wenig über diese hinaus in das Unmögliche vorzustoßen.“ - Arthur C. Clarke
Am Donnerstag, 24. April 2008 schrieb Daniel Bauer:
I'd like to have an encrypted swap partition, but without asking me for a password when booting.
I tried two different approaches:
- http://en.opensuse.org/Encrypted_Root_File_System_with_SUSE_HOWTO did as described (in regard of swap), all worked fine, except that I had to enter the password when booting. So "undid" what I did, and [...]
You should use a random key. Go to the article's Talk-Page: http://en.opensuse.org/Talk:Encrypted_Root_File_System_with_SUSE_HOWTO#Creat... However, there seems to be some problems with 10.3, thus, please read the following sections of the above mentioned article and the bug report mentioned there, too. HTH Jan -- We, the willing, led by the unknowing are doing the impossible for the ungrateful. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thursday 24 April 2008 21.00:06, Jan Ritzerfeld wrote:
Am Donnerstag, 24. April 2008 schrieb Daniel Bauer:
I'd like to have an encrypted swap partition, but without asking me for a password when booting.
I tried two different approaches:
- http://en.opensuse.org/Encrypted_Root_File_System_with_SUSE_HOWTO did as described (in regard of swap), all worked fine, except that I had to enter the password when booting. So "undid" what I did, and [...]
You should use a random key. Go to the article's Talk-Page: http://en.opensuse.org/Talk:Encrypted_Root_File_System_with_SUSE_HOWTO#Crea te_an_encrypted_swap_partition However, there seems to be some problems with 10.3, thus, please read the following sections of the above mentioned article and the bug report mentioned there, too.
HTH Jan
Thanks for that link. I hoped I could avoid encrypting the root partition too, but as far as I understood what I read, the solution provided there would only be quite secure, if root partition is encrypted too. So I'll give that a try this weekend - it's probably better anyway... Daniel -- Daniel Bauer photographer Basel Switzerland professional photography: http://www.daniel-bauer.com erotic art photos: http://www.bauer-nudes.com/en/linux.html Madagascar special: http://www.fotograf-basel.ch/madagascar/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thursday 2008-04-24 21:00, Jan Ritzerfeld wrote:
Am Donnerstag, 24. April 2008 schrieb Daniel Bauer:
I'd like to have an encrypted swap partition, but without asking me for a password when booting.
I tried two different approaches:
- http://en.opensuse.org/Encrypted_Root_File_System_with_SUSE_HOWTO did as described (in regard of swap), all worked fine, except that I had to enter the password when booting. So "undid" what I did, and [...]
You should use a random key. Go to the article's Talk-Page: http://en.opensuse.org/Talk:Encrypted_Root_File_System_with_SUSE_HOWTO#Creat... However, there seems to be some problems with 10.3, thus, please read the following sections of the above mentioned article and the bug report mentioned there, too.
There is no problem in having auto-keyed encrypted swap in 10.3, I have it on all partitions. Just set it up in /etc/crypttab: swap1 /dev/disk/by-id/ata-fooobar-part1 /dev/urandom swap -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thu, 2008-04-24 at 22:24 +0200, Jan Engelhardt wrote:
On Thursday 2008-04-24 21:00, Jan Ritzerfeld wrote:
Am Donnerstag, 24. April 2008 schrieb Daniel Bauer:
I'd like to have an encrypted swap partition, but without asking me for a password when booting.
I tried two different approaches:
- http://en.opensuse.org/Encrypted_Root_File_System_with_SUSE_HOWTO did as described (in regard of swap), all worked fine, except that I had to enter the password when booting. So "undid" what I did, and [...]
You should use a random key. Go to the article's Talk-Page: http://en.opensuse.org/Talk:Encrypted_Root_File_System_with_SUSE_HOWTO#Creat... However, there seems to be some problems with 10.3, thus, please read the following sections of the above mentioned article and the bug report mentioned there, too.
There is no problem in having auto-keyed encrypted swap in 10.3, I have it on all partitions. Just set it up in /etc/crypttab:
swap1 /dev/disk/by-id/ata-fooobar-part1 /dev/urandom swap
Looks great! Only one thing is missing: smartcard/token support for protecting keys I though it that was not possible until i stumbled over this page: http://wiki.tuxonice.net/EncryptedSwapAndRoot It uses an extension to opensc. Hans -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thu, Apr 24, 2008 at 3:48 PM, Hans Witvliet
On Thu, 2008-04-24 at 22:24 +0200, Jan Engelhardt wrote:
On Thursday 2008-04-24 21:00, Jan Ritzerfeld wrote:
Am Donnerstag, 24. April 2008 schrieb Daniel Bauer:
I'd like to have an encrypted swap partition, but without asking me for a password when booting.
I tried two different approaches:
- http://en.opensuse.org/Encrypted_Root_File_System_with_SUSE_HOWTO did as described (in regard of swap), all worked fine, except that I had to enter the password when booting. So "undid" what I did, and [...]
You should use a random key. Go to the article's Talk-Page: http://en.opensuse.org/Talk:Encrypted_Root_File_System_with_SUSE_HOWTO#Creat... However, there seems to be some problems with 10.3, thus, please read the following sections of the above mentioned article and the bug report mentioned there, too.
There is no problem in having auto-keyed encrypted swap in 10.3, I have it on all partitions. Just set it up in /etc/crypttab:
swap1 /dev/disk/by-id/ata-fooobar-part1 /dev/urandom swap
I installed openSUSE 10.3 from the DVD last November, and it had an option to encrypt both home and swap during the installation process. Post installation, the swap partition does not ask for a password (home does). I encrypted both home and swap (root is still unencrypted). Lee -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thursday 24 April 2008 21.00:06, Jan Ritzerfeld wrote:
Am Donnerstag, 24. April 2008 schrieb Daniel Bauer:
I'd like to have an encrypted swap partition, but without asking me for a password when booting.
I tried two different approaches:
- http://en.opensuse.org/Encrypted_Root_File_System_with_SUSE_HOWTO did as described (in regard of swap), all worked fine, except that I had to enter the password when booting. So "undid" what I did, and [...]
You should use a random key. Go to the article's Talk-Page: http://en.opensuse.org/Talk:Encrypted_Root_File_System_with_SUSE_HOWTO#Crea te_an_encrypted_swap_partition However, there seems to be some problems with 10.3, thus, please read the following sections of the above mentioned article and the bug report mentioned there, too.
HTH Jan
Thanks again Jan, doing it step by step as explained in the page you mentioned and ignoring the note "This doesn't appear to work in openSUSE 10.3..." : http://en.opensuse.org/Talk:Encrypted_Root_File_System_with_SUSE_HOWTO#Creat... (and *not* where I looked first: http://en.opensuse.org/Encrypted_Root_File_System_with_SUSE_HOWTO ) It just works fine now. swap is encrypted and running and I am not asked for a password at boot. No warning messages seen during boot or later in in /var/log/boot.msg or /var/log/messages. regards Daniel -- Daniel Bauer photographer Basel Switzerland professional photography: http://www.daniel-bauer.com erotic art photos: http://www.bauer-nudes.com/en/linux.html Madagascar special: http://www.fotograf-basel.ch/madagascar/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (6)
-
Daniel Bauer
-
Hans Witvliet
-
Jan Engelhardt
-
Jan Ritzerfeld
-
Lee Bengston
-
Matthias Bach