automatically mount/umount encrypted $HOME or ...


Maxim Bourmistrov-4
... yet another vnd-hack including modified login_passwd, sudo  
and .bash_logout:

http://en.roolz.org/Blog/Entries/2009/4/27_Auto_mount_umount_of_encrypted_%24HOME_on_OpenBSD.html

Read first-line warning carefully before usage/flame :).

//maxim

Re: automatically mount/umount encrypted $HOME or ...

Nick Guenther
Interesting. But if I steal your laptop and run jack the ripper on it
then I get your svnd password, don't I?

Using bash seems awkward. Does this work if you're using xdm?

Otherwise, this is very slick. The reason I haven't gotten around to
using encrypted homes is just that it's awkward to do it in .profile
because you'd have to remount your /home/$USER over top, but moving
the mounting code into login(1) avoids that

-Nick

On 28/04/2009, Maxim Bourmistrov <[hidden email]> wrote:
> ... yet another vnd-hack including modified login_passwd, sudo
> and .bash_logout:
>
> http://en.roolz.org/Blog/Entries/2009/4/27_Auto_mount_umount_of_encrypted_%24HOME_on_OpenBSD.html
>
> Read first-line warning carefully before usage/flame :).
>
> //maxim

Re: automatically mount/umount encrypted $HOME or ...

Timo Myyrä
I encrypted my $HOME with bioctl and just put the 'bioctl -c C -l
/dev/sd0g softraid0' line to my /etc/rc.
Simple and working solution although it needs a little bit
tweaking as currently I get dropped to single user mode if I
mistype my passphrase.  This happens quite easily as I use dvorak
layout that isn't loaded once the passphrase is prompted.

Timo

Re: automatically mount/umount encrypted $HOME or ...

Maxim Bourmistrov-4
In reply to this post by Nick Guenther
Well, it is up to you to choose the complexity of the password and let
john work harder. :)

Choosing bash was a quick solution for executing the job after I've
logged out, e.g. how else do you umount and vnconfig -u?
I'd like to use the default ksh, but a quick google-search gave me an
answer - ksh can not exec after logout.
Here I hope someone can point me in the right direction. Using bash
and shells at all isn't a clean solution, but the only one I have found
at the time.

Not tested with xdm. Really, no tests at all, only the setup described.

As stated, this is just a concept. Improvements always accepted :)

//maxim

On 28 apr 2009, at 20.25, Nick Guenther wrote:

> Interesting. But if I steal your laptop and run jack the ripper on it
> then I get your svnd password, don't I?
>
> Using bash seems awkward. Does this work if you're using xdm?
>
> Otherwise, this is very slick. The reason I haven't gotten around to
> using encrypted homes is just that it's awkward to do it in .profile
> because you'd have to remount your /home/$USER over top, but moving
> the mounting code into login(1) avoids that
>
> -Nick
>
> On 28/04/2009, Maxim Bourmistrov <[hidden email]>  
> wrote:
>> ... yet another vnd-hack including modified login_passwd, sudo
>> and .bash_logout:
>>
>> http://en.roolz.org/Blog/Entries/2009/4/27_Auto_mount_umount_of_encrypted_%24HOME_on_OpenBSD.html
>>
>> Read first-line warning carefully before usage/flame :).
>>
>> //maxim

Re: automatically mount/umount encrypted $HOME or ...

Daniele Pilenga-3
In reply to this post by Timo Myyrä
On Tue, Apr 28, 2009 at 9:18 PM, Timo Myyrä <[hidden email]> wrote:
> I encrypted my $HOME with bioctl and just put the 'bioctl -c C -l /dev/sd0g
> softraid0' line to my /etc/rc. Simple and working solution although it needs
> a little bit tweaking as currently I get dropped to single user mode if I
> mistype my passphrase.  This happens quite easily as I use dvorak layout
> that isn't loaded once the passphrase is prompted.

Maybe this one of mine can be of help:

##
echo "Configuring /home"
TRY=3
while [ $TRY -gt 0 ]; do
        bioctl -c C -l /dev/sd0f softraid0
        if [ $? -eq 0 ]; then
                fsck -p /dev/sd1c \
                && mount -o softdep /dev/sd1c /home
                break
        fi
        let TRY=TRY-1
done
##

I've put this in rc.securelevel.

Ciao,
D.

Re: automatically mount/umount encrypted $HOME or ...

Matthew Szudzik
In reply to this post by Timo Myyrä
On Tue, Apr 28, 2009 at 10:18:35PM +0300, Timo Myyrä wrote:
> I encrypted my $HOME with bioctl and just put the 'bioctl -c C -l
> /dev/sd0g softraid0' line to my /etc/rc. Simple and working solution
> although it needs a little bit tweaking as currently I get dropped to
> single user mode if I mistype my passphrase.  This happens quite easily

Try

 until bioctl -c C -l /dev/sd0g softraid0; do done

Re: automatically mount/umount encrypted $HOME or ...

uw.o3si.de
In reply to this post by Maxim Bourmistrov-4
Hi Maxim,
 
> Choosing bash was a quick solution for executing the job after I've
> logged out, e.g. how else do you umount and vnconfig -u?
> I'd like to use default ksh, but quick google-search gave me an
> answer - ksh can not exec after logout.
> Here I hope someone can point me to the right direction. Using bash
> and shells at all isn't a clean solution, but the only I have found
> at the time.

You can use something like this with ksh (.profile):

if [[ -r ~/.ksh_logout ]]; then
    # SIGKILL cannot be trapped, so only EXIT and TERM are listed
    trap '. ~/.ksh_logout' EXIT TERM
fi

Regards Uwe
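
Added example, not part of any post in this thread: a variant of the ksh trap approach above that sources the logout file exactly once and still lets the shell terminate on HUP or TERM. The function and variable names are hypothetical; only the ~/.ksh_logout file name comes from the thread, and the file is assumed to hold the umount and vnconfig -u commands discussed earlier.

```shell
# Added example: run-once logout hook for ksh/sh (.profile).
# LOGOUT_HOOK, run_logout_hook and install_logout_hook are hypothetical names.
LOGOUT_HOOK=${LOGOUT_HOOK:-$HOME/.ksh_logout}
_logout_done=0

run_logout_hook() {
    # The EXIT trap also fires after a signal handler calls exit, so guard
    # against sourcing the hook twice (a second umount would only fail).
    [ "$_logout_done" -eq 1 ] && return 0
    _logout_done=1
    if [ -r "$LOGOUT_HOOK" ]; then
        . "$LOGOUT_HOOK"
    fi
    return 0
}

install_logout_hook() {
    trap 'run_logout_hook' EXIT
    # A trapped signal does not end the shell by itself, so the handler
    # exits explicitly with 128 + signal number (HUP=1, TERM=15).
    trap 'run_logout_hook; exit 129' HUP
    trap 'run_logout_hook; exit 143' TERM
}

# In .profile, call: install_logout_hook
```

With a single `trap '...' EXIT TERM`, a TERM delivered to the shell runs the logout file and the shell then keeps running, so the volume can end up unmounted under a live session; the explicit exit avoids that.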