Install Step
Create a temp user
tu
, and add it tosudo
groupsudo adduser tu sudo gpasswd -M tu sudo
- Logout and re-login with temp user
tu
Install necessary package
sudo apt install ecryptfs-utils lsof sudo modprobe ecryptfs
ecrypt home files for origin user, eg.
ou
sudo ecryptfs-migrate-home -u ou
tu@raspberry-pi:~ $ sudo ecryptfs-migrate-home -u ou INFO: Checking disk space, this may take a few moments. Please be patient. INFO: Checking for open files in /home/ou Enter your login passphrase [ou]: ************************************************************************ YOU SHOULD RECORD YOUR MOUNT PASSPHRASE AND STORE IT IN A SAFE LOCATION. ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase THIS WILL BE REQUIRED IF YOU NEED TO RECOVER YOUR DATA AT A LATER TIME. ************************************************************************ Done configuring. chown: cannot access '/dev/shm/.ecryptfs-ou': No such file or directory mount: (hint) your fstab has been modified, but systemd still uses the old version; use 'systemctl daemon-reload' to reload. INFO: Encrypted home has been set up, encrypting files now...this may take a while. sending incremental file list ./ .bash_history 155 100% 0.00kB/s 0:00:00 (xfr#1, to-chk=6/8) .bash_logout 220 100% 214.84kB/s 0:00:00 (xfr#2, to-chk=5/8) .bashrc 3,523 100% 3.36MB/s 0:00:00 (xfr#3, to-chk=4/8) .profile 807 100% 788.09kB/s 0:00:00 (xfr#4, to-chk=3/8) .sudo_as_admin_successful 0 100% 0.00kB/s 0:00:00 (xfr#5, to-chk=2/8) .ssh/ .ssh/authorized_keys 1,174 100% 1.12MB/s 0:00:00 (xfr#6, to-chk=0/8) Could not unlink the key(s) from your keying. Please use `keyctl unlink` if you wish to remove the key(s). Proceeding with umount. ======================================================================== Some Important Notes! 1. The file encryption appears to have completed successfully, however, ou MUST LOGIN IMMEDIATELY, _BEFORE_THE_NEXT_REBOOT_, TO COMPLETE THE MIGRATION!!! 2. If ou can log in and read and write their files, then the migration is complete, and you should remove /home/ou.q4MyCen9. Otherwise, restore /home/ou.q4MyCen9 back to /home/ou. 3. ou should also run 'ecryptfs-unwrap-passphrase' and record their randomly generated mount passphrase as soon as possible. 4. To ensure the integrity of all encrypted data on this system, you should also encrypt swap space with 'ecryptfs-setup-swap'. ========================================================================
Install Issue
Issue 1: no lsof installed
tu@raspberry-pi:~ $ sudo ecryptfs-migrate-home -u ou
INFO: Checking disk space, this may take a few moments. Please be patient.
INFO: Please install lsof.
ERROR: Can not tell whether /home/ou is in use or not.
Slution:sudo apt install lsof
Issue 2: ecryptfs kernel module not loaded
tu@raspberry-pi:~ $ sudo ecryptfs-migrate-home -u ou
INFO: Checking disk space, this may take a few moments. Please be patient.
INFO: Checking for open files in /home/ou
ERROR: Cannot get ecryptfs version, ecryptfs kernel module not loaded?
Slution:sudo modprobe ecryptfs
版权属于:wshon
本文链接:https://blog.wshon.com/2023/11/raspberrypi-ecrypt-home.html
转载时须注明出处及本声明
最新回复