3

I have a system running Ubuntu Server as a testbed for some services that I want to get familiar with. I decided to let the installation procedure set up encryption. I knew all along that I would have to decrypt it with the passphrase in order to get the system booted, but I assumed it wouldn't matter since it will only boot once or twice a month.

However, my brother has informed me that he is a victim of power outages at the residence where this server is located. This means we have to explain to his girlfriend how to turn on the computer, attach a keyboard, connect a monitor (she just can't understand that she can type to the computer without a display, so whatever) and input the passphrase for us, while we are at work.

I have arrived at the conclusion that I should just put together a USB key that can be plugged in before powering on the computer, to avoid all the trouble.

Is this possible with ecryptfs? Is there a tutorial or simple list of instructions available so that I can knock this out and focus back on the stuff I care about?

EDIT: I am aware that this is possible with LUKS and dm-crypt, but unfortunately the magical encryption that Ubuntu hands you during the installation is only ecryptfs so my question is specific to that.

2 Answers2

1

As far as I know you cannot do this with ecryptfs, but it should be possible with LUKS.

I don't know how it would work out in your scenario with a headless server and the given circumstances. I think it would result in the key being always plugged in. I'd suggest buying and configuring a UPS and OOB over the USB-key method.

LiveWireBT
  • 28,763
  • Thanks. I'm aware of how to use a keyfile with LUKS and have done so in the past on a personal Arch laptop. If there's no way to use a keyfile with ecryptfs then I'll probably just reinstall without encryption. Simply too much trouble otherwise. – Josh McGee Aug 24 '14 at 21:34
1

One possibility you might want to consider is getting a USB Rubber Duckey to do the job. It is a flash drive-shaped device that impersonates a keyboard to deliver its payload of key presses, the way you might if you were typing to it without a screen. That way, she can just plug it in the same way she would with a regular flash drive.