How to install Debian with encrypted / and passphrase required before login-screen?
Clash Royale CLAN TAG#URR8PPP
up vote
2
down vote
favorite
I'm trying to install Debian in my Dell inspiron 8GB ram + 500GB HD. Althought I could install it without any problems with the regular install and even with a few modifications, I'm trying to maximize my computers security, and therefore I would like to have the / folder encrypted.
Not only that, I would also like that the passphrase for it's encryption was asked before the login screen loaded. The computer will have only one user, and root permissions run trough sudo
. So, the question is:
How do I get to install Debian with a passphrase for encrypted / asked before the login screen?
This is my initial idea to assure security, but I'm open to new ideas and other devices I can use for that purpose.
debian system-installation encryption
add a comment |Â
up vote
2
down vote
favorite
I'm trying to install Debian in my Dell inspiron 8GB ram + 500GB HD. Althought I could install it without any problems with the regular install and even with a few modifications, I'm trying to maximize my computers security, and therefore I would like to have the / folder encrypted.
Not only that, I would also like that the passphrase for it's encryption was asked before the login screen loaded. The computer will have only one user, and root permissions run trough sudo
. So, the question is:
How do I get to install Debian with a passphrase for encrypted / asked before the login screen?
This is my initial idea to assure security, but I'm open to new ideas and other devices I can use for that purpose.
debian system-installation encryption
add a comment |Â
up vote
2
down vote
favorite
up vote
2
down vote
favorite
I'm trying to install Debian in my Dell inspiron 8GB ram + 500GB HD. Althought I could install it without any problems with the regular install and even with a few modifications, I'm trying to maximize my computers security, and therefore I would like to have the / folder encrypted.
Not only that, I would also like that the passphrase for it's encryption was asked before the login screen loaded. The computer will have only one user, and root permissions run trough sudo
. So, the question is:
How do I get to install Debian with a passphrase for encrypted / asked before the login screen?
This is my initial idea to assure security, but I'm open to new ideas and other devices I can use for that purpose.
debian system-installation encryption
I'm trying to install Debian in my Dell inspiron 8GB ram + 500GB HD. Althought I could install it without any problems with the regular install and even with a few modifications, I'm trying to maximize my computers security, and therefore I would like to have the / folder encrypted.
Not only that, I would also like that the passphrase for it's encryption was asked before the login screen loaded. The computer will have only one user, and root permissions run trough sudo
. So, the question is:
How do I get to install Debian with a passphrase for encrypted / asked before the login screen?
This is my initial idea to assure security, but I'm open to new ideas and other devices I can use for that purpose.
debian system-installation encryption
debian system-installation encryption
edited Sep 8 '13 at 9:52
Anthon
58.7k1796159
58.7k1796159
asked Sep 8 '13 at 9:31
user189838
111
111
add a comment |Â
add a comment |Â
2 Answers
2
active
oldest
votes
up vote
2
down vote
How about setting up encrypted LVM during installation? It's pretty straight forward to setup, just follow the instructions during installation and when you're done you will be asked for a password every time before the OS boots (and then at your user login too).
http://www.debian.org/releases/stable/amd64/ch06s03.html.en#di-partition
add a comment |Â
up vote
2
down vote
Use DM-crypt with LUKS. Make sure not to put important data in it without a backup when still testing! Losing your encryption keys = certain data loss!
Furthermore, you can choose to use a password, but you can also choose to use a keyfile. A keyfile can be stored on a separate flash drive or something, together with your /boot directory contents, so that nobody could ever get in your hard drive by guessing the password. Additionally, when you boot from the flash drive, you can choose not to password protect the keyfile, so booting up will happen transparently to you as a user.
Encryption does make your system a bit slower and less responsive to opening large files. Some recommendations:
- Don't create root on an external USB 2 hard drive. (Slow + slow = really slow)
- I had lagging problems with using BTRFS. Better use EXT4 or XFS.
Arch has an excellent wiki page about DM-crypt with LUKS. I followed it for my Gentoo box a year or 2 ago.
Good luck!
add a comment |Â
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
2
down vote
How about setting up encrypted LVM during installation? It's pretty straight forward to setup, just follow the instructions during installation and when you're done you will be asked for a password every time before the OS boots (and then at your user login too).
http://www.debian.org/releases/stable/amd64/ch06s03.html.en#di-partition
add a comment |Â
up vote
2
down vote
How about setting up encrypted LVM during installation? It's pretty straight forward to setup, just follow the instructions during installation and when you're done you will be asked for a password every time before the OS boots (and then at your user login too).
http://www.debian.org/releases/stable/amd64/ch06s03.html.en#di-partition
add a comment |Â
up vote
2
down vote
up vote
2
down vote
How about setting up encrypted LVM during installation? It's pretty straight forward to setup, just follow the instructions during installation and when you're done you will be asked for a password every time before the OS boots (and then at your user login too).
http://www.debian.org/releases/stable/amd64/ch06s03.html.en#di-partition
How about setting up encrypted LVM during installation? It's pretty straight forward to setup, just follow the instructions during installation and when you're done you will be asked for a password every time before the OS boots (and then at your user login too).
http://www.debian.org/releases/stable/amd64/ch06s03.html.en#di-partition
answered Sep 8 '13 at 10:00
phatypus
1735
1735
add a comment |Â
add a comment |Â
up vote
2
down vote
Use DM-crypt with LUKS. Make sure not to put important data in it without a backup when still testing! Losing your encryption keys = certain data loss!
Furthermore, you can choose to use a password, but you can also choose to use a keyfile. A keyfile can be stored on a separate flash drive or something, together with your /boot directory contents, so that nobody could ever get in your hard drive by guessing the password. Additionally, when you boot from the flash drive, you can choose not to password protect the keyfile, so booting up will happen transparently to you as a user.
Encryption does make your system a bit slower and less responsive to opening large files. Some recommendations:
- Don't create root on an external USB 2 hard drive. (Slow + slow = really slow)
- I had lagging problems with using BTRFS. Better use EXT4 or XFS.
Arch has an excellent wiki page about DM-crypt with LUKS. I followed it for my Gentoo box a year or 2 ago.
Good luck!
add a comment |Â
up vote
2
down vote
Use DM-crypt with LUKS. Make sure not to put important data in it without a backup when still testing! Losing your encryption keys = certain data loss!
Furthermore, you can choose to use a password, but you can also choose to use a keyfile. A keyfile can be stored on a separate flash drive or something, together with your /boot directory contents, so that nobody could ever get in your hard drive by guessing the password. Additionally, when you boot from the flash drive, you can choose not to password protect the keyfile, so booting up will happen transparently to you as a user.
Encryption does make your system a bit slower and less responsive to opening large files. Some recommendations:
- Don't create root on an external USB 2 hard drive. (Slow + slow = really slow)
- I had lagging problems with using BTRFS. Better use EXT4 or XFS.
Arch has an excellent wiki page about DM-crypt with LUKS. I followed it for my Gentoo box a year or 2 ago.
Good luck!
add a comment |Â
up vote
2
down vote
up vote
2
down vote
Use DM-crypt with LUKS. Make sure not to put important data in it without a backup when still testing! Losing your encryption keys = certain data loss!
Furthermore, you can choose to use a password, but you can also choose to use a keyfile. A keyfile can be stored on a separate flash drive or something, together with your /boot directory contents, so that nobody could ever get in your hard drive by guessing the password. Additionally, when you boot from the flash drive, you can choose not to password protect the keyfile, so booting up will happen transparently to you as a user.
Encryption does make your system a bit slower and less responsive to opening large files. Some recommendations:
- Don't create root on an external USB 2 hard drive. (Slow + slow = really slow)
- I had lagging problems with using BTRFS. Better use EXT4 or XFS.
Arch has an excellent wiki page about DM-crypt with LUKS. I followed it for my Gentoo box a year or 2 ago.
Good luck!
Use DM-crypt with LUKS. Make sure not to put important data in it without a backup when still testing! Losing your encryption keys = certain data loss!
Furthermore, you can choose to use a password, but you can also choose to use a keyfile. A keyfile can be stored on a separate flash drive or something, together with your /boot directory contents, so that nobody could ever get in your hard drive by guessing the password. Additionally, when you boot from the flash drive, you can choose not to password protect the keyfile, so booting up will happen transparently to you as a user.
Encryption does make your system a bit slower and less responsive to opening large files. Some recommendations:
- Don't create root on an external USB 2 hard drive. (Slow + slow = really slow)
- I had lagging problems with using BTRFS. Better use EXT4 or XFS.
Arch has an excellent wiki page about DM-crypt with LUKS. I followed it for my Gentoo box a year or 2 ago.
Good luck!
edited Aug 13 at 10:59
Jeff Schaller
32.5k849110
32.5k849110
answered Sep 8 '13 at 9:52
Tim
507211
507211
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f89842%2fhow-to-install-debian-with-encrypted-and-passphrase-required-before-login-scre%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password