This article demonstrates how to encrypt a server installation and the user’s home folder during the server installation. I wrote an article about Ubuntu Desktop encryption earlier to demonstrate how it’s done on a Desktop system. The Server installation with encryption is a little more involved than the Desktop installation. I am using a Virtual Machine to demonstrate the process step by step, with screenshots to illustrate it.
Boot up your server with your installation CD/DVD and you should see the following screen.
Pick your desired language and hit enter.
Use your cursor keys and select “Install Ubuntu Server” and hit enter.
Pick a language for your installation and hit enter.
Select a Country for your installation and hit enter.
Select Yes or No for detecting your keyboard layout. I chose “No”.
Select the Keyboard language and hit enter.
Select the Keyboard Layout and hit enter.
The installer tries to detect your server hardware.
Then the system loads additional components.
Enter a Hostname for your system and hit enter to continue.
Enter the Full name for the system owner or administrator.
Enter a desired system administrator login name and hit enter to continue.
Enter the desired password for the system administrator account.
Enter the password again to confirm it.
Select “Yes” to encrypt the System Administrator’s Home Directory.
Select “Yes” to confirm the detected timezone if it’s correct.
Select “Guided – use entire disk and set up encrypted LVM” and hit enter to continue.
Hit enter to confirm disk for partitioning.
Select “Yes” to write all changes to disk.
Enter a strong password for your disk encryption.
Enter it again to confirm it and hit enter to continue.
Hit enter if you would like to use the full disk for this Volume Group.
Select “Yes” again to write all changes to disk and hit enter to continue.
Now the system is going to be installed.
Enter a Proxy Server address if your Internet connection requires one; otherwise hit enter to continue.
At this point I highly recommend selecting the option “Install security updates automatically” to ensure your system is patched and stays secure.
Here I also recommend installing at least the “OpenSSH Server” package so that you can administer the system remotely.
Select “Yes” and hit enter to install the Grub Boot loader.
Hit enter to finish the installation and reboot the system.
Upon boot-up, the system will now ask you to enter the encryption passphrase to decrypt the system so it can boot all the way.
If you see this screen, our installation went okay and encryption is working. Now let’s log in and see if our Home Folder is accessible.
If you log in without errors, that also means our Home Folder encryption is working. Now enter the command “ecryptfs-unwrap-passphrase” to reveal our home folder encryption key.
Enter your passphrase, and if it is working correctly it should display the encryption key.
I recommend that you make a note of that key in case you have to recover data from your home folder.
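A successful boot and login shows the passphrases work, but not which layers are actually encrypted. The following script is an added example, not part of the original article: it checks that the root device sits on a dm-crypt mapping and that the home folder is an eCryptfs mount. The device, volume group and user names in the sample data are constructed; run it with `--live` on the installed server.

```shell
#!/bin/sh
# Added example: confirm both encryption layers after the first boot.

# Reads a mounts table (format of /proc/mounts) on stdin; succeeds if
# /home/USER is mounted with the ecryptfs filesystem type.
home_is_ecryptfs() {
    awk -v dir="/home/$1" '$2 == dir && $3 == "ecryptfs" { ok = 1 } END { exit !ok }'
}

# Reads `lsblk -rsno NAME,TYPE <device>` output on stdin (the device and
# every layer beneath it); succeeds if one layer is a dm-crypt mapping.
root_on_crypt() {
    awk '$2 == "crypt" { ok = 1 } END { exit !ok }'
}

# Constructed sample data (device, volume group and user names are made up).
SAMPLE_MOUNTS='/dev/mapper/srv--vg-root / ext4 rw,relatime 0 0
/home/admin/.Private /home/admin ecryptfs rw,nosuid,nodev,relatime 0 0'
SAMPLE_STACK='srv--vg-root lvm
sda5_crypt crypt
sda5 part
sda disk'
SAMPLE_PLAIN='sda1 part
sda disk'

# Runs a check (stdin is passed through) and prints a readable verdict.
verdict() { if "$@"; then echo "encrypted"; else echo "NOT encrypted"; fi; }

if [ "${1:-}" = "--live" ]; then
    # On the installed server: inspect the real root device and /proc/mounts.
    echo "root: $(lsblk -rsno NAME,TYPE "$(findmnt -no SOURCE /)" | verdict root_on_crypt)"
    echo "home: $(verdict home_is_ecryptfs "$(id -un)" < /proc/mounts)"
else
    # Offline demonstration on the constructed samples above.
    echo "sample root:       $(printf '%s\n' "$SAMPLE_STACK" | verdict root_on_crypt)"
    echo "sample plain root: $(printf '%s\n' "$SAMPLE_PLAIN" | verdict root_on_crypt)"
    echo "sample home:       $(printf '%s\n' "$SAMPLE_MOUNTS" | verdict home_is_ecryptfs admin)"
fi
```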
That is it.
Enjoy and Namaste!