How to encrypt Ubuntu Server

This is an article to demonstrate how to encrypt a server installation and users home folder during the server installation. I wrote an article about the Ubuntu Desktop encryption earlier to demonstrate how it’s done on a Desktop system. The Server installation with encryption is a little bit more involved than the Desktop installation.I am using a Virtual Machine to demonstrate the process step by step with screen-shots to illustrate it.

Boot up your server with your installation CD/DVD and you should see the following screen.

Server install Language selection
Server install Language selection

Pick your desired language and hit enter.

Server installation menu
Server installation menu

Use your cursor keys and select “Install Ubuntu Server” and hit enter.

Server install - select Language
Server install – select Language

Pick a language for your installation and hit enter.

Server install - select location
Server install – select location

Select a Country for your installation and hit enter.

Server install - Detect Keyboard
Server install – Detect Keyboard

Select Yes or No for detecting your keyboard layout. I chose “No“.

Server install - Keyboard Language
Server install – Keyboard Language

Select the Keyboard language and hit enter.

Server install - Keyboard Layout
Server install – Keyboard Layout

Select the Keyboard Layout and hit enter.

Server install - Detecting Hardware
Server install – Detecting Hardware

The installer tries to detect your server hardware.

Server install - loading additional components
Server install – loading additional components

Then the system loads additional components.

Server install - enter hostname
Server install – enter hostname

Enter a Hostname for your system and hit enter to continue.

Server install - enter Full name
Server install – enter Full name

Enter the Full name for the system owner or administrator.

Server install - enter username
Server install – enter username

Enter a desired system administrator login name and hit enter to continue.

Server install - enter password
Server install – enter password

Enter the desired password for the system administrator account.

Server install - confirm password
Server install – confirm password

Enter the password again to confirm it.

Server install Encrypt Home directory
Server install Encrypt Home directory

Select “Yes” to encrypt the System Administrators Home Directory.

Server install - Timezone
Server install – Timezone

Select “Yes” to confirm the detected timezone if it’s correct.

Server install - Partition Disk and encryption
Server install – Partition Disk and encryption

Select “Guided – use entire disk and set up encrypted LVM” and hit enter to continue.

Server install - select disk to partition
Server install – select disk to partition

Hit enter to confirm disk for partitioning.

Server install - write changes to disk
Server install – write changes to disk

Select “Yes” to write all changes to disk.

Server install - Disk encryption passphrase
Server install – Disk encryption passphrase

Enter a strong password for your disk encryption.

Server install - Disk encryption passphrase confirmation
Server install – Disk encryption passphrase confirmation

Enter it again to confirm it and hit enter to continue.

Server install - Volume group size
Server install – Volume group size

Hit enter if you like to use the full disk for this Volume Group.

Server install - Write changes to the disk
Server install – Write changes to the disk

Select “Yes” again to write all changes to disk and hit enter to continue.

Server install - Installing the system
Server install – Installing the system

Now the system is going to be installed.

Server install - Proxy setting
Server install – Proxy setting

Enter a Proxy Server address if your Internet connection requires one otherwise hit enter to continue.

Server install - automatic security updates
Server install – automatic security updates

At this point I highly recommend to select the option “Install security updates automatically” to ensure your system will be patched and stays secure.

Server install - select additional packages
Server install – select additional packages

Here I also recommend to install at least the “OpenSSH Server” package so that you can remote administer the system.

Server install - Grub Boot loader install
Server install – Grub Boot loader install

Select “Yes” and hit enter to install the Grub Boot loader.

Server install - finish installation
Server install – finish installation

Hit enter to finish the installation and reboot the system.

Server install - enter unlock password
Server install – enter unlock password

Upon boot up the system will ask you now to enter the encryption passphrase to decrypt the system so it can be booted up all the way.

Server install - System login
Server install – System login

If you see this screen that means that our installation went okay and encryption is working. Now lets login and see if our Home Folder is accessible.

Server install - reveal home folder encryption key
Server install – reveal home folder encryption key

If you log in okay without errors that also means that our Home Folder encryption is working okay. Now enter the command “ecryptfs-unwrap-passphrase” in order to reveal our home folder encryption key.

Server install - encryption key revealed
Server install – encryption key revealed

Enter your passphrase and if it is working correctly it should display the encryption key.

I recommend that your make a note of that key in case you have to recover data from your home folder.

That is it.

Enjoy and Namaste!