
Hacker Public Radio

Your ideas, projects, opinions - podcasted.

New episodes Monday through Friday.


hpr1101 :: Recovery of an (en)crypted home directory in a 'buntu based system

Encrypted home folder recovery

Hosted by FiftyOneFifty on 2012-10-22 is flagged as Explicit and is released under a CC-BY-SA license.

Recovery of an (en)crypted home directory in a 'buntu based system

by 5150


This is going to be the archetypal “How I Did It” episode because it fulfills the criterion of dealing with an issue most listeners will most likely never have to resolve, but might be invaluable to those few who some day encounter the same problem: how to recover an encrypted home folder on an Ubuntu system.

I enabled home folder encryption on installation of a Linux Mint 8 system some years back and it never gave me trouble until the day that it did. Suddenly, my login would be accepted, but then I would come right back to GDM. Finally I dropped into a text console to try to recover the contents of my home folder, and instead found two files, Access-Your-Private-Data.desktop and README.txt. README.txt explained that I had arrived in my current predicament because my user login and password for some reason were no longer decrypting my home folder (Ubuntu home folder encryption is tied to your login, no additional password is required). Honestly, until I lost access to my files, I'd forgotten that I'd opted for encryption. I found two articles that described similar methods of recovery. I'd tried following their instructions and failed, probably because I was mixing and matching what seemed to be the easiest steps to implement from the two articles. When I took another look at the material weeks later, I discovered I missed a link in the comments that led me to an improved method added at Ubuntu 11.04 that saves several steps: http://blog.dustinkirkland.com/2011/04/introducing-ecryptfs-recover-private.html

  1. Boot to an Ubuntu distribution CD (11.04 or later)

  2. Create a mount point and mount the hard drive. Of course, if you configured your drive(s) with multiple data partitions (root, /home, etc.) you would have to mount each separately to recover all the contents of your drive, but you only have to worry about decrypting your home directory. If you use LVM, and your home directory spans several physical drives or logical partitions, I suspect things could get interesting.

    1. $ sudo mkdir /media/myhd

      1. /media is owned by root, so modifying it requires elevation

    2. You need to confirm how your hard drive is registered with the OS. I just ran Disk Utility and confirmed that my hard drive was parked at /dev/sda, which meant that my single data partition would be at /dev/sda1

    3. $ sudo mount /dev/sda1 /media/myhd

    4. Do a list on /media/myhd to confirm the drive is mounted

      1. $ ls /media/myhd

    5. The new recovery command eliminates the need to re-create your old user

      1. $ sudo ecryptfs-recover-private (yes, ecrypt not encrypt)

      2. You will have to wait a few minutes while the OS searches your hard drive for encrypted folders

        1. When a folder is found, you will see

          INFO: Found [/media/myhd/home/.ecryptfs/username/.Private].

          Try to recover this directory? [Y/n]

          • Respond “Y”

        2. You will be prompted for your old password

        3. You should see a message saying your data was mounted read only at

          /tmp/ecryptfs.{SomeStringOfCharacters}

          • I missed the mount point at first, I was looking for my files in /media/myhd/home/myusername

    6. If you try to list the files in /tmp/ecryptfs.{SomeStringOfCharacters}, you will get a “Permission Denied” error. This is because your old user owns these files, not your distribution CD login

      1. [You will probably want to copy “/tmp/ecryptfs.{SomeStringOfCharacters}” into your terminal buffer as you will need to reference it in commands. You can select it with your mouse in the “Success” message and copy it with <Ctrl><Alt>c, paste it later with <Ctrl><Alt>v.]

      2. I tried to take ownership of /tmp/ecryptfs.{SomeStringOfCharacters}, I should have thought that would have worked.

        1. From my command prompt, I can see my user name is “ubuntu”

        2. $ sudo chown -R ubuntu /tmp/ecryptfs.{SomeStringOfCharacters}

          • -R takes ownership of subdirectories recursively

          • It's a good time to get a cup of coffee

    7. Next, we need to copy the files in our home directory to another location, I used an external USB drive (it was automounted under /media when I plugged it in). If you had space on the original hard drive, I suppose you could create a new user and copy the files to the new home folder. I decided to take the opportunity to upgrade my distro. Some of the recovered files will wind up on my server and some on my newer laptop.

      1. One could run Ubuntu's default file manager as root by issuing “sudo nautilus &” from the command line (the “&” sends the process to the background so you can get your terminal prompt back)

        1. Before copying, be sure to enable “View Hidden Files” so the configuration files and directories in your home directory will be recovered as well. As I said, there are select configuration files and scripts in /etc I will want to grab as well.

      2. I had trouble with Nautilus stopping on a file it couldn't copy, so I used cp from the terminal so the process wouldn't stop every time it needed additional input.

        1. $ cp -Rv /tmp/ecryptfs.{SomeStringOfCharacters} /media/USBDrive/Recovered

          • Of course the destination will depend on what you've named your USB drive and what folder (if any) you created to hold your recovered files

          • -Rv copies subdirectories recursively and verbosely, otherwise the drive activity light may be your only indication of progress. The cp command automatically copies hidden files as well.

          • Because of the file ownership difficulties, I could only copy the decrypted home folder in its entirety,

      3. I still had trouble with access due to ownership once I detached the external drive and remounted it on my Fedora laptop, but I took care of that with:

        1. $ su -c 'chown -R mylogin /media/USBDrive/Recovered'
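
The copy in step 7 can be checked before the old disk is reused. The following is an added example, not part of the original show notes: it locates the read-only ecryptfs mount from the mounts table instead of the on-screen message, copies it with ownership preserved, and compares SHA-256 manifests of source and copy. The function names are illustrative, and it assumes sha256sum, awk, find and cp are available in the live session.

```shell
#!/bin/sh
# Added example, not from the original show notes. Function names are
# illustrative; sha256sum, awk, find and cp are assumed present on the live CD.

# Print the mount point of every ecryptfs filesystem in a mounts table
# (fields: source, mount point, type, options). Defaults to /proc/mounts.
find_ecryptfs_mounts() {
    awk '$3 == "ecryptfs" { print $2 }' "${1:-/proc/mounts}"
}

# Print a sorted "sha256  ./relative/path" line for each regular file under $1,
# hidden files and directories included.
manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# Succeed only if SRC and DST hold the same files with the same contents.
verify_copy() {
    want=$(manifest "$1") || return 1
    got=$(manifest "$2") || return 1
    [ "$want" = "$got" ]
}

# Copy the contents of SRC into DST, then verify. cp -a keeps modes and
# timestamps, and ownership too when run as root. Any cp error (for example an
# unreadable file) makes the whole step fail instead of passing silently.
copy_and_verify() {
    mkdir -p "$2" || return 1
    cp -a "$1/." "$2/" || return 2
    verify_copy "$1" "$2"
}

# Typical use from a root shell in the live session (sudo -i), so the old
# user's files are readable without chown (paths as in the notes above):
#   src=$(find_ecryptfs_mounts | head -n 1)
#   copy_and_verify "$src" /media/USBDrive/Recovered && echo "copy verified"
```

If the destination filesystem cannot store Unix ownership (a FAT-formatted USB drive, for instance), cp -a may report errors and copy_and_verify returns 2; verify_copy can then be run on its own to confirm the file contents.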


Comments


Comment #1 posted on 2012-10-23T16:14:15Z by FiftyOneFifty

aparanoidshell tells me I likely could have avoided the necessity of taking ownership of volumes by using rsync rather than cp. Good tip.

Comment #2 posted on 2012-10-23T18:44:27Z by AukonDK

Good stuff

Nice little episode 5150. I always avoided the encrypted home option for fear of exactly something like this happening. Good to know it is fixable.

Comment #3 posted on 2012-10-25T17:38:15Z by FiftyOneFifty

BTW, this one and I believe TermDucken sound odd because on my Um hunt and silence removal, I was too aggressive removing the spaces between words. I didn't hear it playing clips back in Audacity, but it was pronounced when I listened to the whole ep on a mobile player before uploading it. Unfortunately, by that time, I needed to focus on other tasks and let the editing I'd already done stand.

Comment #4 posted on 2012-11-07T17:16:56Z by pokey

FiftyOneFifty, It was a good episode regardless. I didn't mean to imply that it made the episode hard to listen to, or hard to understand, just unnatural. The content was very good.

Comment #5 posted on 2012-12-10T15:16:33Z by LOrd Drachenblut

Full Disk Encryption recovery

on the topic of full disk recovery this has been covered on HPR before http://hackerpublicradio.org/eps.php?id=0447

cheers

Comment #6 posted on 2013-09-05T11:20:17Z by bro

So had almost identical problem. I couldn't access the mounted home folder due to access rights. I couldn't su into root since I didn't have the password. But I could chroot to the current root (on the live distro) which made me root. I am currently copying the files so I will see how it goes
