Peppermint OS Community Forum

Support => Advanced Topics => Topic started by: PepPaulgr on September 12, 2014, 05:53:18 am

Title: accessing peppermint drive remotely
Post by: PepPaulgr on September 12, 2014, 05:53:18 am
When I installed Peppermint 4, I selected encrypt home folder. I thought it would be a simple matter of selecting "open as root" when i try to access the drive Peppermint is installed on from a live Peppermint cd,  but I haven't had that experience.
I have no trouble booting into my Peppermint install, it's just whenever I try to access it externally.

This is what I've tried after booting into the Peppermint CD:

Enter a passphrase to unlock the volume

When I enter the passphrase that I use to unclock the drive at bootup, I get the error message "The unlocked device does not have a recognizable file system on it."

Another error message:
Error opening directory '/media/peppermint/764357f5-b7a6-4504-b699-3643ee96d7e3/home/paul': Permission denied

When I click on the home folder of the drive I'm trying to access and then select open current folder as root, I get this icon: Access-Your-Private-Data  Nothing happens when I click on it.

The Readme text:

THIS DIRECTORY HAS BEEN UNMOUNTED TO PROTECT YOUR DATA.

From the graphical desktop, click on:
 "Access Your Private Data"

or

From the command line, run:
 ecryptfs-mount-private

In the terminal I cd to the drive I'm trying to access and get this when I enter ecryptfs-mount-private command

ERROR: Encrypted private directory is not setup properly

Any suggestions? Thank, Paul

Title: Re: accessing peppermint drive remotely
Post by: PCNetSpec on September 12, 2014, 06:52:50 am
Boot into peppermint normally .. open a terminal and run:
Code: [Select]
ecryptfs-unwrap-passphrase
when prompted for a password, enter your Peppermint login password and hit enter.

You will be shown the mount key you need to unlock/mount your encrypted /home

Would probably be a good idea to write this down somewhere and keep it safe, but obviously separate from the laptop .. you'll NEED this key to access your data if the system ever becomes unbootable.

Please see the release notes:
http://peppermintos.com/release-notes/
Title: Re: accessing peppermint drive remotely
Post by: PepPaulgr on September 17, 2014, 02:47:45 pm
I followed your instructions and got this error message:

Error: Unwrapping passphrase failed [-5]
Info: Check the system log for more information from libecryptfs
Title: Re: accessing peppermint drive remotely
Post by: PCNetSpec on September 17, 2014, 03:44:53 pm
Run:
Code: [Select]
sudo updatedb
then post the output from:
Code: [Select]
locate ecryptfs
and
Code: [Select]
locate passphrase
Title: Re: accessing peppermint drive remotely
Post by: PepPaulgr on September 19, 2014, 08:41:48 am
Here is the output of locate ecryptfs

paul@paul ~ $ locate ecryptfs
Spoiler (click here to view / hide)
/home/.ecryptfs
/lib/security/pam_ecryptfs.so
/sbin/mount.ecryptfs
/sbin/mount.ecryptfs_private
/sbin/umount.ecryptfs
/sbin/umount.ecryptfs_private
/usr/bin/ecryptfs-add-passphrase
/usr/bin/ecryptfs-find
/usr/bin/ecryptfs-insert-wrapped-passphrase-into-keyring
/usr/bin/ecryptfs-manager
/usr/bin/ecryptfs-migrate-home
/usr/bin/ecryptfs-mount-private
/usr/bin/ecryptfs-recover-private
/usr/bin/ecryptfs-rewrap-passphrase
/usr/bin/ecryptfs-rewrite-file
/usr/bin/ecryptfs-setup-private
/usr/bin/ecryptfs-setup-swap
/usr/bin/ecryptfs-stat
/usr/bin/ecryptfs-umount-private
/usr/bin/ecryptfs-unwrap-passphrase
/usr/bin/ecryptfs-verify
/usr/bin/ecryptfs-wrap-passphrase
/usr/bin/ecryptfsd
/usr/lib/ecryptfs
/usr/lib/libecryptfs.so.0
/usr/lib/libecryptfs.so.0.0
/usr/lib/libecryptfs.so.0.0.0
/usr/lib/ecryptfs/libecryptfs_key_mod_passphrase.so
/usr/share/ecryptfs-utils
/usr/share/doc/ecryptfs-utils
/usr/share/doc/libecryptfs0
/usr/share/doc/ecryptfs-utils/AUTHORS
/usr/share/doc/ecryptfs-utils/README.gz
/usr/share/doc/ecryptfs-utils/THANKS
/usr/share/doc/ecryptfs-utils/changelog.Debian.gz
/usr/share/doc/ecryptfs-utils/copyright
/usr/share/doc/ecryptfs-utils/ecryptfs-faq.html
/usr/share/doc/libecryptfs0/changelog.Debian.gz
/usr/share/doc/libecryptfs0/copyright
/usr/share/ecryptfs-utils/ecryptfs-mount-private.desktop
/usr/share/ecryptfs-utils/ecryptfs-mount-private.txt
/usr/share/ecryptfs-utils/ecryptfs-record-passphrase
/usr/share/ecryptfs-utils/ecryptfs-setup-private.desktop
/usr/share/lintian/overrides/ecryptfs-utils
/usr/share/locale-langpack/en_AU/LC_MESSAGES/ecryptfs-utils.mo
/usr/share/locale-langpack/en_CA/LC_MESSAGES/ecryptfs-utils.mo
/usr/share/locale-langpack/en_GB/LC_MESSAGES/ecryptfs-utils.mo
/usr/share/man/man1/ecryptfs-add-passphrase.1.gz
/usr/share/man/man1/ecryptfs-find.1.gz
/usr/share/man/man1/ecryptfs-generate-tpm-key.1.gz
/usr/share/man/man1/ecryptfs-insert-wrapped-passphrase-into-keyring.1.gz
/usr/share/man/man1/ecryptfs-mount-private.1.gz
/usr/share/man/man1/ecryptfs-recover-private.1.gz
/usr/share/man/man1/ecryptfs-rewrap-passphrase.1.gz
/usr/share/man/man1/ecryptfs-rewrite-file.1.gz
/usr/share/man/man1/ecryptfs-setup-private.1.gz
/usr/share/man/man1/ecryptfs-setup-swap.1.gz
/usr/share/man/man1/ecryptfs-stat.1.gz
/usr/share/man/man1/ecryptfs-umount-private.1.gz
/usr/share/man/man1/ecryptfs-unwrap-passphrase.1.gz
/usr/share/man/man1/ecryptfs-verify.1.gz
/usr/share/man/man1/ecryptfs-wrap-passphrase.1.gz
/usr/share/man/man1/mount.ecryptfs_private.1.gz
/usr/share/man/man1/umount.ecryptfs_private.1.gz
/usr/share/man/man7/ecryptfs.7.gz
/usr/share/man/man8/ecryptfs-manager.8.gz
/usr/share/man/man8/ecryptfs-migrate-home.8.gz
/usr/share/man/man8/ecryptfsd.8.gz
/usr/share/man/man8/mount.ecryptfs.8.gz
/usr/share/man/man8/pam_ecryptfs.8.gz
/usr/share/man/man8/umount.ecryptfs.8.gz
/usr/share/pam-configs/ecryptfs-utils
/var/lib/dpkg/info/ecryptfs-utils.list
/var/lib/dpkg/info/ecryptfs-utils.md5sums
/var/lib/dpkg/info/ecryptfs-utils.postinst
/var/lib/dpkg/info/ecryptfs-utils.prerm
/var/lib/dpkg/info/libecryptfs0.list
/var/lib/dpkg/info/libecryptfs0.md5sums
/var/lib/dpkg/info/libecryptfs0.postinst
/var/lib/dpkg/info/libecryptfs0.postrm
/var/lib/dpkg/info/libecryptfs0.shlibs
/var/lib/update-notifier/user.d/ecryptfs-record-passphrase
[close]


Here is the output of locate passphrase

paul@paul ~ $ locate passphrase
Spoiler (click here to view / hide)
/usr/bin/ecryptfs-add-passphrase
/usr/bin/ecryptfs-insert-wrapped-passphrase-into-keyring
/usr/bin/ecryptfs-rewrap-passphrase
/usr/bin/ecryptfs-unwrap-passphrase
/usr/bin/ecryptfs-wrap-passphrase
/usr/bin/wpa_passphrase
/usr/lib/ecryptfs/libecryptfs_key_mod_passphrase.so
/usr/share/ecryptfs-utils/ecryptfs-record-passphrase
/usr/share/gnome-disk-utility/change-passphrase-dialog.ui
/usr/share/man/man1/ecryptfs-add-passphrase.1.gz
/usr/share/man/man1/ecryptfs-insert-wrapped-passphrase-into-keyring.1.gz
/usr/share/man/man1/ecryptfs-rewrap-passphrase.1.gz
/usr/share/man/man1/ecryptfs-unwrap-passphrase.1.gz
/usr/share/man/man1/ecryptfs-wrap-passphrase.1.gz
/usr/share/man/man8/wpa_passphrase.8.gz
/var/lib/update-notifier/user.d/ecryptfs-record-passphrase
[close]


Title: Re: accessing peppermint drive remotely
Post by: PCNetSpec on September 19, 2014, 09:57:39 am
What's the output from:
Code: [Select]
mount

and whilst logged on locally, does:
Code: [Select]
ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase
return a key ?
Title: Re: accessing peppermint drive remotely
Post by: PepPaulgr on September 19, 2014, 10:22:47 am
Here's the output:

paul@ ~ $ ls -a /home/.ecryptfs
.  ..  paulgrie
paul@ ~ $ ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase
Passphrase:
Error: Unwrapping passphrase failed [-5]
Info: Check the system log for more information from libecryptfs
Title: Re: accessing peppermint drive remotely
Post by: PCNetSpec on September 19, 2014, 10:26:14 am
Try:
Code: [Select]
ecryptfs-unwrap-passphrase ~/.ecryptfs/paulgrie
If still no key, post the output from:
Code: [Select]
mount
and:
Code: [Select]
ls -al ~/.ecryptfs
Title: Re: accessing peppermint drive remotely
Post by: PepPaulgr on September 19, 2014, 10:43:20 am
output from mount

 ~ $ mount
/dev/mapper/peppermint--vg-root on / type ext4 (rw,errors=remount-ro)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
none on /sys/fs/cgroup type tmpfs (rw)
none on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
udev on /dev type devtmpfs (rw,mode=0755)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
none on /run/shm type tmpfs (rw,nosuid,nodev)
none on /run/user type tmpfs (rw,noexec,nosuid,nodev,size=104857600,mode=0755)
/dev/sda1 on /boot type ext2 (rw)
/home/paulgrie/.Private on /home/paulgrie type ecryptfs (ecryptfs_check_dev_ruid,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs,ecryptfs_sig=53d35a1e77cdde5f,ecryptfs_fnek_sig=6a7c10d7d03528d7)
gvfsd-fuse on /run/user/paulgrie/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,user=paulgrie)
/dev/sdc1 on /media/paulgrie/AF57-AD29 type vfat (rw,nosuid,nodev,uid=1000,gid=1000,shortname=mixed,dmask=0077,utf8=1,showexec,flush,uhelper=udisks2)

output from ls -al ~/.ecryptfs

lrwxrwxrwx 1 paulgrie paulgrie 34 Jan 24  2014 /home/paulgrie/.ecryptfs -> /home/.ecryptfs/paulgrie/.ecryptfs
Title: Re: accessing peppermint drive remotely
Post by: PCNetSpec on September 19, 2014, 11:56:56 am
ok what's the output from:
Code: [Select]
ls -a /home/paulgrie/.ecryptfs
and
Code: [Select]
ls -a /home/.ecryptfs/paulgrie/.ecryptfs
Title: Re: accessing peppermint drive remotely
Post by: PepPaulgr on September 19, 2014, 12:15:18 pm
paulgrie@paulgrie-N68S3B ~ $ ls -a /home/paulgrie/.ecryptfs
.  ..  auto-mount  auto-umount  Private.mnt  Private.sig  wrapped-passphrase
paulgrie@paulgrie-N68S3B ~ $ ls -a /home/.ecryptfs/paulgrie/.ecryptfs
.  ..  auto-mount  auto-umount  Private.mnt  Private.sig  wrapped-passphrase
paulgrie@paulgrie-N68S3B ~ $

Title: Re: accessing peppermint drive remotely
Post by: PCNetSpec on September 19, 2014, 12:26:54 pm
Does:
Code: [Select]
ecryptfs-unwrap-passphrase /home/paulgrie/.ecryptfs/wrapped-passphrase
or
Code: [Select]
ecryptfs-unwrap-passphrase /home/.ecryptfs/paulgrie/.ecryptfss/wrapped-passphrase
give you your key ?

If not, what's the output from:
Code: [Select]
cat /var/log/syslog | grep ecryptfs
Title: Re: accessing peppermint drive remotely
Post by: PepPaulgr on September 19, 2014, 12:44:22 pm
Before I give you the output from the commands you gave me, I've located a password that I have for(password recovery for peppermint login) 

Also, I'm not trying to recover lost data. I'm just trying to click on my peppermint drive's home folder when I'm booted into a Peppermint live cd or usb. How would recovering the key enable me to do that/ That said, below is the output from your recent commands.


paulgrie@paulgrie-N68S3B ~ $ ecryptfs-unwrap-passphrase /home/paulgrie/.ecryptfs/wrapped-passphrase
Passphrase:
Error: Unwrapping passphrase failed [-5]
Info: Check the system log for more information from libecryptfs
paulgrie@paulgrie-N68S3B ~ $ ecryptfs-unwrap-passphrase /home/.ecryptfs/paulgrie/.ecryptfss/wrapped-passphrase
Passphrase:
Error: Unwrapping passphrase failed [-5]
Info: Check the system log for more information from libecryptfs
paulgrie@paulgrie-N68S3B ~ $ cat /var/log/syslog | grep ecryptfs
Sep 19 08:09:23 paulgrie-N68S3B sudo: pam_ecryptfs: pam_sm_authenticate: /home/paulgrie is already mounted
Sep 19 10:16:14 paulgrie-N68S3B ecryptfs-unwrap-passphrase: Incorrect wrapping key for file [/home/paulgrie/.ecryptfs/wrapped-passphrase]
Sep 19 10:38:41 paulgrie-N68S3B ecryptfs-unwrap-passphrase: Error attempting to open [/home/paulgrie/.ecryptfs/paulgrie] for reading
Sep 19 12:33:40 paulgrie-N68S3B xscreensaver: pam_ecryptfs: seteuid error
Sep 19 12:35:38 paulgrie-N68S3B ecryptfs-unwrap-passphrase: Incorrect wrapping key for file [/home/paulgrie/.ecryptfs/wrapped-passphrase]
Sep 19 12:36:48 paulgrie-N68S3B ecryptfs-unwrap-passphrase: Error attempting to open [/home/.ecryptfs/paulgrie/.ecryptfss/wrapped-passphrase] for reading
Title: Re: accessing peppermint drive remotely
Post by: PCNetSpec on September 19, 2014, 03:45:11 pm
If I'm reading the syslog entries correctly, it's asking for your password and you're entering the wrong one.

Whilst logged on locally, run:
Code: [Select]
ecryptfs-unwrap-passphrase /home/paulgrie/.ecryptfs/wrapped-passphrase
it should then prompt for your password .. it wants your Peppermint login password then hit enter .. and it should display the key
Title: Re: accessing peppermint drive remotely
Post by: PepPaulgr on September 19, 2014, 08:26:58 pm
On my system I have two passwords that I have to enter. The first is the password for the peppermint encryption. When I successfully enter that I then have to enter the password that I use to login and logout. I just assumed since this had to do with encryption, it wanted the first password. I tried entering the login password for the last command you gave me and I got a line of 32 characters. if this is the key you've been referring to, what do I do now with it?
Title: Re: accessing peppermint drive remotely
Post by: PepPaulgr on September 20, 2014, 01:39:22 pm
Thanks for all the advice. I finally got into my encrypted Peppermint drive.
Title: Re: accessing peppermint drive remotely
Post by: PCNetSpec on September 20, 2014, 03:10:55 pm
I take it you did what's covered here:
https://help.ubuntu.com/community/EncryptedPrivateDirectory#Live_CD_method_of_opening_a_encrypted_home_directory
using the unwrapped mount key ?
Title: Re: accessing peppermint drive remotely
Post by: PepPaulgr on September 21, 2014, 09:02:15 am
From the below link:

http://www.howtogeek.com/116297/how-to-recover-an-encrypted-home-directory-on-ubuntu/?PageSpeed=noscript

I did the following as seen in my terminal output: It worked as you can see:


ppermint@peppermint ~ $ sudo ecryptfs-recover-private
INFO: Searching for encrypted private directories (this might take a while)...
INFO: Found [/media/peppermint/home/.ecryptfs/paulgrie/.Private].
Try to recover this directory? [Y/n]: y
INFO: Found your wrapped-passphrase
Do you know your LOGIN passphrase? [Y/n] y
INFO: Enter your LOGIN passphrase...
Passphrase:
Inserted auth tok with sig  into the user session keyring
INFO: Success!  Private data mounted at [/tmp/ecryptfs.jrJK4Yc9
Title: Re: accessing peppermint drive remotely
Post by: PCNetSpec on September 21, 2014, 11:53:23 am
Cool .. thanks for that. :)