Ubuntu 20.04 Tutorial: Encrypt Ubuntu After Installation (Home Folder & Swap Space)
Learn how to encrypt Ubuntu Linux machines after installation with Ben Garrison, JumpCloud’s Technical Champion. This tutorial covers both home folder encryption and swap space encryption using ecryptfs and cryptsetup.
Read the full text walkthrough: https://jumpcloud.com/blog/how-to-encrypt-ubuntu-20-04-desktop-post-installation
Video instructions, commands, and timestamps:
0:00 Pre- vs post-installation encryption
2:00 Install ecryptfs-utils and cryptsetup
command:
$ sudo apt install ecryptfs-utils cryptsetup
2:25 Assign Sudo privileges
Create a new privileged user:
$ sudo adduser username
encryption_user is the name of the user we’ll create.
$ sudo adduser encryption_user
Add the user to the sudo group so that it has root privileges.
$ sudo usermod -aG sudo encryption_user
Log into the profile you just created. Do NOT reboot when logging out!
3:50 Encrypt the home folder
In this tutorial, ~ben is the home folder of the user account called ben. View the home folder with this command:
$ sudo ls -l ~ben
Execute this command to encrypt the home folder:
$ sudo ecryptfs-migrate-home -u ben
The encryption process will begin and you will see several important notes about the encryption process.
5:06 Confirm home folder encryption
Confirm that this account has the correct access by creating a new file. In this tutorial, we will use a hello.txt text file.
Enter filler text and then save using Ctrl + D. Verify that the data has been successfully written. Reading and writing data confirms that we have successfully encrypted the home folder.
6:05 Record your encryption passphrase
At this point, you should see a popup prompting you to record your encryption passphrase.
Run the action and enter your passphrase when prompted. You will be able to view your recovery passphrase using the following command:
$ sudo ecryptfs-unwrap-passphrase
Remember to save your recovery passphrase in a safe location!
7:15 Encrypt swap space
Encrypting your swap space provides you with an extra layer of security. You can see if there is swap space on your system using this command:
$ swapon -s
You can then see how much swap space is available using this command:
$ free -h
To encrypt the swap space, run this command and enter your password when prompted:
$ sudo ecryptfs-setup-swap
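To confirm both results before the clean-up, this added example (not part of the video or of JumpCloud's walkthrough) checks that an eCryptfs filesystem is mounted on the home folder and that no active swap area is a plain device or file. The mount and swap lines it runs against are constructed samples with made-up signatures and sizes; an eCryptfs home is only mounted while its user is logged in.

```shell
#!/bin/sh
# Added example (not from the video): read-only checks for the two results above.
# Each function takes a file argument so it can run on the constructed samples
# below; with no file argument it reads the live /proc file instead.

# Succeeds if an eCryptfs filesystem is mounted on /home/USER.
home_is_ecryptfs() {
    awk -v mp="/home/$1" '$2 == mp && $3 == "ecryptfs" { ok = 1 } END { exit !ok }' \
        "${2:-/proc/mounts}"
}

# Succeeds if that mount also encrypts file names (ecryptfs_fnek_sig option).
home_encrypts_filenames() {
    awk -v mp="/home/$1" '$2 == mp && $3 == "ecryptfs" && $4 ~ /(^|,)ecryptfs_fnek_sig=/ { ok = 1 }
        END { exit !ok }' "${2:-/proc/mounts}"
}

# Prints every active swap area that is not a device-mapper device.
# Heuristic: dm devices can also be LVM; confirm TYPE "crypt" with lsblk.
plain_swaps() {
    awk 'NR > 1 && $1 !~ /^\/dev\/(mapper\/|dm-)/ { print $1 }' "${1:-/proc/swaps}"
}

# Constructed sample data (signatures and sizes are made up).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/mounts" <<'EOF'
/dev/sda2 / ext4 rw,relatime,errors=remount-ro 0 0
/home/.ecryptfs/ben/.Private /home/ben ecryptfs rw,nosuid,nodev,relatime,ecryptfs_fnek_sig=0123456789abcdef,ecryptfs_sig=fedcba9876543210,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs 0 0
EOF
printf 'Filename\tType\tSize\tUsed\tPriority\n/dev/dm-0\tpartition\t2097148\t0\t-2\n' > "$tmp/swaps_ok"
printf 'Filename\tType\tSize\tUsed\tPriority\n/swapfile\tfile\t2097148\t0\t-2\n' > "$tmp/swaps_plain"

for u in ben encryption_user; do
    if home_is_ecryptfs "$u" "$tmp/mounts"; then
        echo "$u: eCryptfs mounted on /home/$u"
    else
        echo "$u: no eCryptfs mount on /home/$u"
    fi
done
echo "plain swap (after setup): $(plain_swaps "$tmp/swaps_ok")"
echo "plain swap (before setup): $(plain_swaps "$tmp/swaps_plain")"
```

On a real system, call the functions without the file argument (for example `home_is_ecryptfs ben`) while ben is logged in, and treat any output from `plain_swaps` as swap that is still unencrypted.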
8:03 Clean up
With the home folder and swap space successfully encrypted, we will remove the user and extra files we created:
$ sudo deluser --remove-home encryption_user
Delete the temporary folder that was created when we originally ran the migration command. In this tutorial, we identified it by locating the directory that contains .nBBZHLmp in the name.
$ sudo rm -Rf /home/ben.nBBZHLmp
Congratulations! You now know how to encrypt Ubuntu post-installation.
Questions? Let us know in the comments below!
—————–
If you would like to learn how to achieve full disk encryption using LUKS during installation, you can watch our tutorial here: https://youtu.be/kx2iLYgtfz4
Ls: cannot access ~ben: no such file or directory
OOBOONTOO
Hi, thank you for the information, really great one. Can you please add links on how to do this whole process from the JumpCloud Admin console and to make it a Policy or Command at least for the deployment? Thank you
Thanks. Make a video on other partition encryption.
Does it slow my computer? Because I'm using Ubuntu as my main OS.
At what point does the data become unencrypted? When you log in after a fresh reboot?
Hi. I followed the instructions. Everything went well but I never received the pop-up to set the passphrase. I thought maybe it was not completed so I tried to start over but I received the message "it appears your home directory has been already encrypted." However, when I checked all recommended codes to check if my home is encrypted or not, none of them showed my home drive to be encrypted! Can you please help me with how I can fix it?
I used this technique in my machine. My question is how can I check that it is working correctly?
Hi, could you provide the steps to undo this whole encryption for a person who followed and applied this tutorial's steps?