Encrypt only home

If you left it in /etc/fstab after properly configuring pam_mount, I suspect it would still try to load it on boot.

That being said, I have never tried what you are doing so I can’t be 100% certain.

For your purpose, you just need two commands (as long as the other prerequisites listed in the wiki are followed):

# modprobe ecryptfs
# ecryptfs-migrate-home -u username

This uses the options chosen by Ubuntu, and makes the home directory encripted. There are also instruction on how to automount.

  • cipher: AES
  • key length: 16 bytes (128 bits)
  • key management scheme: passphrase
  • plaintext passthrough: enabled

That’s almost true, except that I had to login as root into Ctrl+Alt+F2 terminal (so no gui and half of symbols are just white squares. Guess it’s because of my locale. Imaging no Unicode in 2023) to run these commands and couldn’t login into gui afterwards unless I set up automount. In process I broke sudo (turned out that deleting system-auth is a bad idea. Who would’ve thought?) and had to boot Live USB installer and finally overwrite that system-auth file.
So those two commands turned into “type those commands and later type even more to be able to login into your system”.

Okay, this is somewhat solved, but definitely not great user experience. Installer should’ve supported that out of the box with simple check box “encrypt home”.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.