Ubuntu 20.04 Tutorial: Encrypt Ubuntu After Installation (Home Folder & Swap Space)

Показать описание

Learn how to encrypt Ubuntu Linux machines after installation with Ben Garrison, JumpCloud’s Technical Champion. This tutorial covers both home folder encryption and swap space encryption using ecryptfs and cryptsetup.

Video instructions, commands, and timestamps:

0:00 Pre- vs post-installation encryption
2:00 Install ecryptfs-utils and cryptsetup

command:

$ sudo apt install ecryptfs-utils cryptsetup

2:25 Assign Sudo privileges

Create a new privileged user:

$ sudo adduser username

encryption_user is the name of the user we’ll create.

$ sudo adduser encryption_user

Add the user to the sudoers group with root privilege.

$ sudo usermod -aG sudo encryption_user

Log into the profile you just created. Do NOT reboot when logging out!

3:50 Encrypt the home folder

In this tutorial, ~ben is the home folder of the user account called ben. View the home folder with this command:

$ sudo ls -l ~ben

Execute this command to encrypt the home folder:

$ sudo ecryptfs-migrate-home -u ben

The encryption process will begin and you will see several important notes about the encryption process.

5:06 Confirm home folder encryption

Enter filler text and then save using Ctrl + D. Verify that the data has been successfully written. Reading and writing data confirms that we have successfully encrypted the home folder.

6:05 Record your encryption passphrase

At this point, you should see a popup prompting you to record your encryption passphrase.

Run the action and enter your passphrase when prompted. You will be able to view your recovery passphrase using the following command:

$ sudo ecryptfs-unwrap-passphrase

Remember to save your recovery passphrase in a safe location!

7:15 Encrypt swap space

Encrypting your swap space provides you with an extra layer of security. You can see if there is swap space on your system using this command:

$ swapon -s

You can then see how much swap space is available using this command:

$ free -h

To encrypt the swap space, run this command and enter your password when prompted:

$ sudo ecryptfs-setup-swap

8:03 Clean up

With the home folder and swap space successfully encrypted, we will remove the user and extra files we created:

$ sudo deluser --remove-home encryption_user

Delete the temporary folder that was created when we originally ran the migration command. In this tutorial, we identified it by locating the directory that contains .nBBZHLmp in the name.

$ sudo rm -Rf /home/ben.nBBZHLmp

Congratulations! You now know how to encrypt Ubuntu post-installation.

Questions? Let us know in the comments below!

-----------------

-----------------

Resources and social media:

#JumpCloud #LinuxTutorial #Ubuntu20 #Ubuntu #Encryption

Рекомендации по теме

Комментарии

Hi could you provide the steps to undo this whole encryption for a person who followed and applied this tutorial steps?

bigbangind

Hi, thank you for the information, really great one. Can you please add a links How to do all this process from the Jumpcloud Admin console and to make it as a Policy or Command atleast for the deployment? Thank you

PointfiveIT

If i follow this and encrypt home directory, then is this same as disk encryption? Or disk encryption is different than this? Can you please clarify?

darshangoheldz

I used this technique in my machine. My question is how can I check that it is working correctly?

nahidanwar

how can you test the encryption has worked?

satnamsandhu

Hi. I followed the instruction. Everything went well but I never received the pop-up to set the passphrase. I thought maybe it was not completed so I tried to start over but I received the message " it appears your home directory has been already encrypted." However, when I checked all recommended codes to check if my home is encrypted or not, none of them showed my home drive to be encrypted! Can you please help me with how can I fix it?

baharehbehrooziasl

Thanks make video on other partition encryption

hawk_code

does it slow my computer cause im using ubuntu as my main OS

rbcrax

At what point does the data become unencrypted? When you login after fresh reboot?

shadoninja

Ls: cannot access ~ben: no such file or directory

mdakil

Ubuntu 20.04 Tutorial: Encrypt Ubuntu After Installation (Home Folder & Swap Space)

Ubuntu 20.04 Tutorial: Encrypt Ubuntu After Installation (Home Folder & Swap Space)

Ubuntu 20.04 Tutorial: Ubuntu Full Disk Encryption Install With LUKS

Installing an encrypted version of Ubuntu 20.04

Encrypted ZFS Root When Installing Ubuntu 20.04

Install lets encrypt on ubuntu 20.04 with Nginx

Ubuntu 20.04 btrfs-luks full disk encryption including /boot and auto-APT snapshots with Timeshift

How To Install Prometheus On Ubuntu 20 04 With Let's Encrypt SSL And Authentication

20 Things You MUST DO After Installing Ubuntu 24.04 LTS (Right Now!)

Installing SSL on Ubuntu v. 20.04 | Absolute Beginner Tutorial

Encrypt your DNS on Ubuntu 20.04

001 - Deploying a secure Ubuntu 20 04 LTS - VPS || VPS Setup Guide For Beginners

How to Partition, Format, and auto Mount Disk on Ubuntu 20.04

ubuntu zfs encrypted root, datasets and dell xps15 linux set up

10 Basic Ways to Secure Ubuntu from Hackers

Update Encrypted Swap size option missing for crypttab Ubuntu 20.04

Installing https on Apache and Ubuntu 20.04

How to Install the Ubuntu Linux in Oracle Virtual Box with Encrypted Hard Drive

How to enable SSH on Linux Ubuntu (Easy step by step guide)

In-depth description / tutorial of Ubuntu installation (Part 2c) [encrypted HD]

#54 - SSD Hard drive swap and upgrade with LUKS encryption in Ubuntu

Let's Encrypt HAProxy on Ubuntu 16 04 this time with Auto Update SSL cert Script

Upgrade to Ubuntu 20.04 LTS

ATKey | Secure Ubuntu Linux login using ATKeys

How to Install Elastic Stack on Ubuntu 20 04 LTS | Setup ELK Stack on Ubuntu 20.04 LTS