Encrypt user home with eCryptfs Sun, Apr 11, 2021 02:00 CEST

We encrypt a user home directory with eCryptfs. The consequence is that the contents of this directory are only accessible if at least one of the following is true:

• You know the user’s password.
• The user is logged in* AND you have read permission to the user’s directory (if you are root for instance).

* or has processes surviving logout (for instance lingering services).

This may increase privacy, depending on how the system is used.

If the user home is not encrypted, it would suffice to be root (without the user necessary being logged in). Note that being root on another system and mounting the partition hosting the user’s home suffices.

Automatically Mount LUKS Encrypted Device with Crypttab and Fstab Thu, Nov 12, 2020 20:00 CET

Put that second drive to use!

Decrypt Storage Using Hidden Key Material Sun, Dec 1, 2019 04:54 CET

To make it even harder for predatory institutions to find your keys.

Automatically Create SSH Tunnels Sat, Nov 30, 2019 00:29 CET

Use autossh and a systemd service…

Encrypted Install With Arch Linux on BIOS Sat, Oct 12, 2019 02:00 CEST

So easy!

Backup LUKS header Thu, Oct 10, 2019 17:15 CEST

LUKS partitions cannot be recovered once the header is lost.

Setup Secure SSH Proxy Account Wed, Oct 9, 2019 11:55 CEST

No need to enable full login shell if the only intended usage is proxying.

Setup Secure SSH Tunnel Account Wed, Oct 9, 2019 11:55 CEST

No need to enable full login shell if the only intended usage is tunneling.

Unlock Partition Automatically With Keyfile on External Device Linux Fri, Jun 21, 2019 23:46 CEST

Useful in specific situations.

LUKS encrypted storage device. Mon, Apr 8, 2019 01:00 CEST

So easy to encrypt a USB key, or external or internal drive!