[Ecryptfs] [Bug 364015] Re: Auto mount of encrypted home directory RANDOMLY stops to work
;-) https://bugs.launchpad.net/ecryptfs/+bug/367804 -- Auto mount of encrypted home directory RANDOMLY stops to work https://bugs.launchpad.net/bugs/364015 You received this bug notification because you are a member of eCryptfs, which is subscribed to ecryptfs-utils in ubuntu. Status in eCryptfs - Enterprise Cryptographic Filesystem: Incomplete Status in “ecryptfs-utils” source package in Ubuntu: Incomplete Bug description: I had a problem with ssh public key auth and encrypted home directory in Jaunty. I fixed the issue by workaround provided by Dustin Kirkland: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/362427 But after reboot auto mount of encrypted home directory has stopped to work. There is only one error string in auth.log: Mount of private directory return code [256] At the same time I am able to mount home directory manually through ecryptfs-mount-private command. But /sbin/mount.ecryptfs_private shows me the following: keyctl_search: Required key not available Perhaps try the interactive 'ecryptfs-mount-private' ... looks like pam_ecryptfs is not able to read ~/.ecryptfs/wrapped-passphrase ___ Mailing list: https://launchpad.net/~ecryptfs Post to : ecryptfs@lists.launchpad.net Unsubscribe : https://launchpad.net/~ecryptfs More help : https://help.launchpad.net/ListHelp
[Ecryptfs] [Bug 358573] Re: ecryptfs private directory randomly unmounts
** Also affects: ecryptfs Importance: Undecided Status: New -- ecryptfs private directory randomly unmounts https://bugs.launchpad.net/bugs/358573 You received this bug notification because you are a member of eCryptfs, which is subscribed to ecryptfs-utils in ubuntu. Status in eCryptfs - Enterprise Cryptographic Filesystem: New Status in “ecryptfs-utils” source package in Ubuntu: New Bug description: Binary package hint: ecryptfs-utils This seems to be bug #259293, but I am filing a new one as I haven't seen this in some time. Twice in the last week my ~/Private directory unmounted. Both times /tmp/ecryptfs-user-Private was '0'. Both times, the symlink in the unmounted ~/Private was not present. I have a cron job that runs every 10 minutes that I can see in syslog: Apr 9 11:15:04 hostname CRON[22771]: Mount of private directory return code [0] It could be that bug #259293 is simply 'mostly' fixed and I coincidentally hit this twice in the last week, or it could be a new bug (I don't know). ProblemType: Bug Architecture: amd64 DistroRelease: Ubuntu 9.04 Package: ecryptfs-utils 73-0ubuntu2 ProcEnviron: PATH=(custom, user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: ecryptfs-utils Uname: Linux 2.6.28-11-generic x86_64 ___ Mailing list: https://launchpad.net/~ecryptfs Post to : ecryptfs@lists.launchpad.net Unsubscribe : https://launchpad.net/~ecryptfs More help : https://help.launchpad.net/ListHelp
[Ecryptfs] [Bug 351280] Re: Authentication with thinkfinger stalls login when user homes are encrypted
** Also affects: ecryptfs Importance: Undecided Status: New -- Authentication with thinkfinger stalls login when user homes are encrypted https://bugs.launchpad.net/bugs/351280 You received this bug notification because you are a member of eCryptfs, which is subscribed to ecryptfs-utils in ubuntu. Status in eCryptfs - Enterprise Cryptographic Filesystem: New Status in “ecryptfs-utils” source package in Ubuntu: Confirmed Status in “pam” source package in Ubuntu: New Bug description: When authenticating to the system with thinkfinger, the user encrypted home directories are not automatically mounted. Even though this makes total sense, since you will need to supply the password to unlock the encryption key. Having said this, the user should be prompted for the password in case if he/she is authenticated using thinkfinger or similar method. What happens now is when login to gdm using finger swipe, gdm starts loading and nothing happens. No message/warning is displayed. The user just sits there starring at a black screen :-) My system is Jaunty Beta on Thinkpad T61p: lsb_release -rd Description:Ubuntu jaunty (development branch) Release:9.04 apt-cache policy ecryptfs-utils ecryptfs-utils: Installed: 73-0ubuntu2 Candidate: 73-0ubuntu2 Version table: *** 73-0ubuntu2 0 500 http://gb.archive.ubuntu.com jaunty/main Packages 100 /var/lib/dpkg/status uname -a Linux finka 2.6.28-11-generic #38-Ubuntu SMP Fri Mar 27 10:01:17 UTC 2009 x86_64 GNU/Linux ___ Mailing list: https://launchpad.net/~ecryptfs Post to : ecryptfs@lists.launchpad.net Unsubscribe : https://launchpad.net/~ecryptfs More help : https://help.launchpad.net/ListHelp
[Ecryptfs] [Bug 277655] Re: Protect data in an encrypted Private from being inadvertently copied elsewhere (eg, thumbnailers)
** Also affects: ecryptfs Importance: Undecided Status: New -- Protect data in an encrypted Private from being inadvertently copied elsewhere (eg, thumbnailers) https://bugs.launchpad.net/bugs/277655 You received this bug notification because you are a member of eCryptfs, which is subscribed to ecryptfs-utils in ubuntu. Status in eCryptfs - Enterprise Cryptographic Filesystem: New Status in “ecryptfs-utils” source package in Ubuntu: Triaged Bug description: Intrepid introduced the new Private directory in the user's home directory. To prevent information leakage, thumbnailers etc should be forbidden from entering the directory (or should store their thumbnails inside the private dir). Has this been considered/solved? ___ Mailing list: https://launchpad.net/~ecryptfs Post to : ecryptfs@lists.launchpad.net Unsubscribe : https://launchpad.net/~ecryptfs More help : https://help.launchpad.net/ListHelp
[Ecryptfs] [Bug 257901] Re: Suggestion: GUI frontend(s) for ecryptfs-utils
** Also affects: ecryptfs
Importance: Undecided
Status: New
--
Suggestion: GUI frontend(s) for ecryptfs-utils
https://bugs.launchpad.net/bugs/257901
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.
Status in eCryptfs - Enterprise Cryptographic Filesystem: New
Status in “ecryptfs-utils” source package in Ubuntu: In Progress
Status in “ecryptfs-utils” source package in Debian: Unknown
Bug description:
Binary package hint: ecryptfs-utils
This is a request from the user, suggested in the Discussion section of the
EncryptedPrivateDirectory specification:
* https://wiki.ubuntu.com/EncryptedPrivateDirectory
This suggestion has been moved here, as a wishlist bug.
Below is the text of the discussion, copied and pasted from that wiki page:
markc-qsiuk says:
* I hope there will also be an option for the ~/Private directory to ''not''
be mounted at login, together with a user-friendly mechanism to (un)mount it
explicitly when needed. As it stands at the moment, some hypothetical future
browser exploit could simply harvest any files in ~/Private knowing that
they're likely to contain usernames and passwords. As the browser is running
under the auspices of the user, it would be able to read the content of the
~/Private directory. I'd rather leave my private data encrypted, and just mount
the directory on-demand when I need to. Ideally I'd like both Nautilus and the
Gnome fileselector to know about the ~/Private directory and prompt me to mount
it (requesting my password) when I try to open it. I suppose that, in essence,
I would like access to my privately encrypted files to be much like trying to
do something as an administrator - I should be prompted for a password to
confirm that I am who I say I am, and that I am explicitly giving permission
for the file(s) to be accessed.
kirkland says:
* I have opened wiki:Bug:256154 to support configurable mounting/unmounting
of ~/Private. With the patch attached to that bug, this will be handled by the
pam_ecryptfs module checking for the existence of a file,
~/.ecryptfs/auto-mount before mounting, and ~/.ecryptfs/auto-umount before
unmounting. The default behavior as configured by ecryptfs-setup-private will
touch both of those files. You can remove them at your desire and disable the
mounting/unmounting. Unmounting on demand is absolutely trivial; just run
umount.ecryptfs_private. When ~/Private is not currently mounted, the
directory has r-x- - - - - - permission, and has a file in it named, '''THIS
DIRECTORY HAS BEEN UNMOUNTED TO PROTECT YOUR DATA -- Run
mount.ecryptfs_private to mount again''', which happens to be a symbolic link
to /sbin/mount.ecryptfs_private. In Nautilus, you simply need to double-click
on that file. Perhaps we can get fancier, but I am not a GUI developer ;-)
markc-qsiuk says:
* Thanks for that additional information. The solution for mounting an
unmounted Private directory seems reasonable (at least as a starting point).
I'm not sure I would describe just run ecryptfs.umount_private as absolutely
trivial though - mounting a Private directory requires a double-click on a
file in that directory, whereas unmounting it requires sufficient understanding
to launch some kind of CLI to run a command. Perhaps it would be possible to
find someone with the GUI skills to write a simple Gnome panel application
whose sole purpose is to call these commands to mount and unmount when the user
clicks on it, and whose icon changes to reflect the current state - a locked
padlock when the directory is unmounted, and an unlocked padlock when it's
mounted, for example. Can you also confirm whether or not one of the
application names above is a typo as you've written ecryptfs.umount_private
and mount.ecryptfs_private: I presume they're both supposed to be of the same
form.
MikeRooney:
* I will be happy to make a basic user interface in python-gtk2, if someone
can give me the basic requirements of it.
markc-qsiuk:
* I think that for a basic UI there are two things required: (1) an
indication of the current state of the private directory (mounted or
unmounted), and (2) a means to switch to the opposite state. A configuration
screen to enable or disable auto-mounting of the directory via the GUI would
also be good. A Gnome panel applet would be a sensible option as it allows the
user to check and modify the status at any time without launching another
application, though I'm not sure how practical it would be in Kubuntu or
Xubuntu. In the case of a such an applet, I would suggest an icon which
indicates a locked state when the ~/Private directory is unmounted (i.e. the
data are secure), and an unlocked state when the encrypted directory is mounted
(i.e. the data are readable to any process running as the user - less secure).
Clicking on the icon would execute {{{mount.ecryptfs_private}}} or
[Ecryptfs] [Bug 353446] [NEW] GDM auto login won't work with ecryptfs
You have been subscribed to a public bug: Binary package hint: gdm Using Ubuntu Jaunty Beta 1 up to date (20090401) A co-worker had trouble with the auto login in GDM, the screen kept showing a blank screen and never started gnome. So after investigating I found that he had enabled the encryptfs of his home directory. Disabling the autologin solved the problem. Steps to reproduce: 1. Install Ubuntu Jaunty choosing encripted home directory. 2. Login and select auto-login in gdmsetup. 3. Next time you try to login, the session won't start. Would it be possible that GDM informed about this or ask for the password to unlock the home? Maybe, with a encryptfs home one shouldn't be allowed to activate auto-login. This is related to bug 284443. ** Affects: ecryptfs-utils (Ubuntu) Importance: Undecided Status: New -- GDM auto login won't work with ecryptfs https://bugs.edge.launchpad.net/bugs/353446 You received this bug notification because you are a member of eCryptfs, which is subscribed to ecryptfs-utils in ubuntu. ___ Mailing list: https://launchpad.net/~ecryptfs Post to : ecryptfs@lists.launchpad.net Unsubscribe : https://launchpad.net/~ecryptfs More help : https://help.launchpad.net/ListHelp
[Ecryptfs] [Bug 353446] Re: GDM auto login won't work with ecryptfs
gdm starts the session is probably hangs after that due to some reason ** Package changed: gdm (Ubuntu) = ecryptfs-utils (Ubuntu) -- GDM auto login won't work with ecryptfs https://bugs.launchpad.net/bugs/353446 You received this bug notification because you are a member of eCryptfs, which is subscribed to ecryptfs-utils in ubuntu. Status in “ecryptfs-utils” source package in Ubuntu: New Bug description: Binary package hint: gdm Using Ubuntu Jaunty Beta 1 up to date (20090401) A co-worker had trouble with the auto login in GDM, the screen kept showing a blank screen and never started gnome. So after investigating I found that he had enabled the encryptfs of his home directory. Disabling the autologin solved the problem. Steps to reproduce: 1. Install Ubuntu Jaunty choosing encripted home directory. 2. Login and select auto-login in gdmsetup. 3. Next time you try to login, the session won't start. Would it be possible that GDM informed about this or ask for the password to unlock the home? Maybe, with a encryptfs home one shouldn't be allowed to activate auto-login. This is related to bug 284443. ___ Mailing list: https://launchpad.net/~ecryptfs Post to : ecryptfs@lists.launchpad.net Unsubscribe : https://launchpad.net/~ecryptfs More help : https://help.launchpad.net/ListHelp
[Ecryptfs] [Bug 353446] Re: GDM auto login won't work with ecryptfs
I'm sorry, but an encrypted home directory and gdm-autologin are two features that are simply incompatible. We handled this in the installer by allowing you to only one of 3 different options: 1) auto login (no password) 2) login with a password 3) login with a password and decrypt your home directory contents I believe this should be solved in the gdm Login Window Preferences - Security tab. The 'enable automatic login' option should be greyed out if the user has an encrypted home directory, $ mount | grep on $HOME type ecryptfs seb128, I'm going to wishlist this against gdm. :-Dustin ** Also affects: gdm (Ubuntu) Importance: Undecided Status: New ** Changed in: gdm (Ubuntu) Importance: Undecided = Wishlist ** Changed in: gdm (Ubuntu) Status: New = Confirmed ** Changed in: ecryptfs-utils (Ubuntu) Status: New = Invalid -- GDM auto login won't work with ecryptfs https://bugs.launchpad.net/bugs/353446 You received this bug notification because you are a member of eCryptfs, which is subscribed to ecryptfs-utils in ubuntu. Status in “ecryptfs-utils” source package in Ubuntu: Invalid Status in “gdm” source package in Ubuntu: Confirmed Bug description: Binary package hint: gdm Using Ubuntu Jaunty Beta 1 up to date (20090401) A co-worker had trouble with the auto login in GDM, the screen kept showing a blank screen and never started gnome. So after investigating I found that he had enabled the encryptfs of his home directory. Disabling the autologin solved the problem. Steps to reproduce: 1. Install Ubuntu Jaunty choosing encripted home directory. 2. Login and select auto-login in gdmsetup. 3. Next time you try to login, the session won't start. Would it be possible that GDM informed about this or ask for the password to unlock the home? Maybe, with a encryptfs home one shouldn't be allowed to activate auto-login. This is related to bug 284443. ___ Mailing list: https://launchpad.net/~ecryptfs Post to : ecryptfs@lists.launchpad.net Unsubscribe : https://launchpad.net/~ecryptfs More help : https://help.launchpad.net/ListHelp
[Ecryptfs] [Bug 353446] Re: GDM auto login won't work with ecryptfs
Dustin, that should not block login though should it? -- GDM auto login won't work with ecryptfs https://bugs.launchpad.net/bugs/353446 You received this bug notification because you are a member of eCryptfs, which is subscribed to ecryptfs-utils in ubuntu. Status in “ecryptfs-utils” source package in Ubuntu: Invalid Status in “gdm” source package in Ubuntu: Confirmed Bug description: Binary package hint: gdm Using Ubuntu Jaunty Beta 1 up to date (20090401) A co-worker had trouble with the auto login in GDM, the screen kept showing a blank screen and never started gnome. So after investigating I found that he had enabled the encryptfs of his home directory. Disabling the autologin solved the problem. Steps to reproduce: 1. Install Ubuntu Jaunty choosing encripted home directory. 2. Login and select auto-login in gdmsetup. 3. Next time you try to login, the session won't start. Would it be possible that GDM informed about this or ask for the password to unlock the home? Maybe, with a encryptfs home one shouldn't be allowed to activate auto-login. This is related to bug 284443. ___ Mailing list: https://launchpad.net/~ecryptfs Post to : ecryptfs@lists.launchpad.net Unsubscribe : https://launchpad.net/~ecryptfs More help : https://help.launchpad.net/ListHelp
Re: [Ecryptfs] [Bug 353446] Re: GDM auto login won't work with ecryptfs
Sebastien- If you encrypt your home directory, you absolutely *must* enter a password on login. If you want to add some code to GDM, when doing an auto-login that detects this, that's fine too. In fact, I think that might be a good idea. :-Dustin -- GDM auto login won't work with ecryptfs https://bugs.launchpad.net/bugs/353446 You received this bug notification because you are a member of eCryptfs, which is subscribed to ecryptfs-utils in ubuntu. Status in “ecryptfs-utils” source package in Ubuntu: Invalid Status in “gdm” source package in Ubuntu: Confirmed Bug description: Binary package hint: gdm Using Ubuntu Jaunty Beta 1 up to date (20090401) A co-worker had trouble with the auto login in GDM, the screen kept showing a blank screen and never started gnome. So after investigating I found that he had enabled the encryptfs of his home directory. Disabling the autologin solved the problem. Steps to reproduce: 1. Install Ubuntu Jaunty choosing encripted home directory. 2. Login and select auto-login in gdmsetup. 3. Next time you try to login, the session won't start. Would it be possible that GDM informed about this or ask for the password to unlock the home? Maybe, with a encryptfs home one shouldn't be allowed to activate auto-login. This is related to bug 284443. ___ Mailing list: https://launchpad.net/~ecryptfs Post to : ecryptfs@lists.launchpad.net Unsubscribe : https://launchpad.net/~ecryptfs More help : https://help.launchpad.net/ListHelp
[Ecryptfs] [Bug 364015] Re: Auto mount of encrypted home directory RANDOMLY stops to work
Hi Dustin, Just checked - there is only one authorized_keys, it is in unencrypted mountpoint. I am not sure that I understood you well, but just checked the symlink to ~/.ecryptfs, it exists in both encrypted and unencrypted mountpoints, but it doesn't contain authorized_keys in both cases. -- Auto mount of encrypted home directory RANDOMLY stops to work https://bugs.launchpad.net/bugs/364015 You received this bug notification because you are a member of eCryptfs, which is subscribed to ecryptfs-utils in ubuntu. Status in eCryptfs - Enterprise Cryptographic Filesystem: Incomplete Status in “ecryptfs-utils” source package in Ubuntu: Incomplete Bug description: I had a problem with ssh public key auth and encrypted home directory in Jaunty. I fixed the issue by workaround provided by Dustin Kirkland: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/362427 But after reboot auto mount of encrypted home directory has stopped to work. There is only one error string in auth.log: Mount of private directory return code [256] At the same time I am able to mount home directory manually through ecryptfs-mount-private command. But /sbin/mount.ecryptfs_private shows me the following: keyctl_search: Required key not available Perhaps try the interactive 'ecryptfs-mount-private' ... looks like pam_ecryptfs is not able to read ~/.ecryptfs/wrapped-passphrase ___ Mailing list: https://launchpad.net/~ecryptfs Post to : ecryptfs@lists.launchpad.net Unsubscribe : https://launchpad.net/~ecryptfs More help : https://help.launchpad.net/ListHelp
[Ecryptfs] [Bug 359997] Re: Improve record-your-passphrase dialog
I just had this today... It also got me really confused. The popup clearly says: - Please print or write it down and store it in a safe location. You can run the ecryptfs-unwrap-passphrase command now to do this. Enter your user password at the Passphrase prompt. - So I did... - $ ecryptfs-unwrap-passphrase Passphrase: [password] Warning: Using default salt value (undefined in ~/.ecryptfsrc) Error: Unwrapping passphrase failed [-5] Info: Check the system log for more information from libecryptfs - It should be clearly indicated the command to run is: - ecryptfs-unwrap-passphrase $HOME/.ecryptfs/wrapped-passphrase - -- Improve record-your-passphrase dialog https://bugs.launchpad.net/bugs/359997 You received this bug notification because you are a member of eCryptfs, which is subscribed to ecryptfs-utils in ubuntu. Status in eCryptfs - Enterprise Cryptographic Filesystem: Triaged Status in “ecryptfs-utils” source package in Ubuntu: Triaged Bug description: After running 'update-manager -d', the 'Information Available' window opened and provided the following message: === Record your encryption passphrase To encrypt your home directory or Private folder, a strong passphrase has been autogenerated. Usually your directory is unlocked with your user password, but if you ever need to manually recover this directory, you will need this passphrase. Please print or write it down and store it in a safe location. You can run the ecryptfs-unwrap-passphrase command now to do this. Enter your user password at the Passphrase prompt. === Run this action now | Close| === I don't believe I chose to encrypt my fs when I installed Jaunty! So I click the 'Run this action now' button and get a terminal window prompt: Passphrase: I enter a passphrase, and the terminal disappears. The previous 'information available' message remains on the screen and doesn't acknowledge that anything has happened. In fact, I can press the 'Run this action now' button as many times as I like, and enter different passphrases. I don't get the point of this. Also, after entering a passphrase, it doesn't confirm that I didn't make a typo by asking me to re-enter it. ___ Mailing list: https://launchpad.net/~ecryptfs Post to : ecryptfs@lists.launchpad.net Unsubscribe : https://launchpad.net/~ecryptfs More help : https://help.launchpad.net/ListHelp
Re: [Ecryptfs] [Bug 364015] Re: Auto mount of encrypted home directory RANDOMLY stops to work
Okay, I don't think you understood me very well... Do this ... Put a single, unencrypted copy of authorized_keys in /var/lib/ecryptfs/$USER Now, symlink to that file from two locations... When your $HOME is created, do: $ ln -s /var/lib/ecryptfs/$USER/authorized_keys $HOME/.ssh And the do the same when it's not mounted. :-Dustin -- Auto mount of encrypted home directory RANDOMLY stops to work https://bugs.launchpad.net/bugs/364015 You received this bug notification because you are a member of eCryptfs, which is subscribed to ecryptfs-utils in ubuntu. Status in eCryptfs - Enterprise Cryptographic Filesystem: Incomplete Status in “ecryptfs-utils” source package in Ubuntu: Incomplete Bug description: I had a problem with ssh public key auth and encrypted home directory in Jaunty. I fixed the issue by workaround provided by Dustin Kirkland: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/362427 But after reboot auto mount of encrypted home directory has stopped to work. There is only one error string in auth.log: Mount of private directory return code [256] At the same time I am able to mount home directory manually through ecryptfs-mount-private command. But /sbin/mount.ecryptfs_private shows me the following: keyctl_search: Required key not available Perhaps try the interactive 'ecryptfs-mount-private' ... looks like pam_ecryptfs is not able to read ~/.ecryptfs/wrapped-passphrase ___ Mailing list: https://launchpad.net/~ecryptfs Post to : ecryptfs@lists.launchpad.net Unsubscribe : https://launchpad.net/~ecryptfs More help : https://help.launchpad.net/ListHelp
