How to encrypt Ubuntu Server

This is an article to demonstrate how to encrypt a server installation and users home folder during the server installation. I wrote an article about the Ubuntu Desktop encryption earlier to demonstrate how it’s done on a Desktop system. The Server installation with encryption is a little bit more involved than the Desktop installation.I am using a Virtual Machine to demonstrate the process step by step with screen-shots to illustrate it.

Boot up your server with your installation CD/DVD and you should see the following screen.

Pick your desired language and hit enter.

Use your cursor keys and select “Install Ubuntu Server” and hit enter.

Server install - select Language — Server install – select Language

Pick a language for your installation and hit enter.

Server install - select location — Server install – select location

Select a Country for your installation and hit enter.

Server install - Detect Keyboard — Server install – Detect Keyboard

Select Yes or No for detecting your keyboard layout. I chose “No“.

Server install - Keyboard Language — Server install – Keyboard Language

Select the Keyboard language and hit enter.

Server install - Keyboard Layout — Server install – Keyboard Layout

Select the Keyboard Layout and hit enter.

Server install - Detecting Hardware — Server install – Detecting Hardware

The installer tries to detect your server hardware.

Server install - loading additional components — Server install – loading additional components

Then the system loads additional components.

Server install - enter hostname — Server install – enter hostname

Enter a Hostname for your system and hit enter to continue.

Server install - enter Full name — Server install – enter Full name

Enter the Full name for the system owner or administrator.

Server install - enter username — Server install – enter username

Enter a desired system administrator login name and hit enter to continue.

Server install - enter password — Server install – enter password

Enter the desired password for the system administrator account.

Server install - confirm password — Server install – confirm password

Enter the password again to confirm it.

Select “Yes” to encrypt the System Administrators Home Directory.

Server install - Timezone — Server install – Timezone

Select “Yes” to confirm the detected timezone if it’s correct.

Server install - Partition Disk and encryption — Server install – Partition Disk and encryption

Select “Guided – use entire disk and set up encrypted LVM” and hit enter to continue.

Server install - select disk to partition — Server install – select disk to partition

Hit enter to confirm disk for partitioning.

Server install - write changes to disk — Server install – write changes to disk

Select “Yes” to write all changes to disk.

Server install - Disk encryption passphrase — Server install – Disk encryption passphrase

Enter a strong password for your disk encryption.

Server install - Disk encryption passphrase confirmation — Server install – Disk encryption passphrase confirmation

Enter it again to confirm it and hit enter to continue.

Server install - Volume group size — Server install – Volume group size

Hit enter if you like to use the full disk for this Volume Group.

Server install - Write changes to the disk — Server install – Write changes to the disk

Select “Yes” again to write all changes to disk and hit enter to continue.

Server install - Installing the system — Server install – Installing the system

Now the system is going to be installed.

Server install - Proxy setting — Server install – Proxy setting

Enter a Proxy Server address if your Internet connection requires one otherwise hit enter to continue.

Server install - automatic security updates — Server install – automatic security updates

At this point I highly recommend to select the option “Install security updates automatically” to ensure your system will be patched and stays secure.

Server install - select additional packages — Server install – select additional packages

Here I also recommend to install at least the “OpenSSH Server” package so that you can remote administer the system.

Server install - Grub Boot loader install — Server install – Grub Boot loader install

Select “Yes” and hit enter to install the Grub Boot loader.

Server install - finish installation — Server install – finish installation

Hit enter to finish the installation and reboot the system.

Server install - enter unlock password — Server install – enter unlock password

Upon boot up the system will ask you now to enter the encryption passphrase to decrypt the system so it can be booted up all the way.

Server install - System login — Server install – System login

If you see this screen that means that our installation went okay and encryption is working. Now lets login and see if our Home Folder is accessible.

Server install - reveal home folder encryption key — Server install – reveal home folder encryption key

If you log in okay without errors that also means that our Home Folder encryption is working okay. Now enter the command “ecryptfs-unwrap-passphrase” in order to reveal our home folder encryption key.

Server install - encryption key revealed — Server install – encryption key revealed

Enter your passphrase and if it is working correctly it should display the encryption key.

I recommend that your make a note of that key in case you have to recover data from your home folder.

That is it.

Enjoy and Namaste!

Like this:

Related