Encrypted file systems on Debian/Ubuntu Linux

delx — Tue, 25 Aug 2009 15:06:57 +0000

Recently I set up an encrypted file system so I could do rsync backups to a secured location. What you end up with is a mountable file system that you can use to securely store data. Debian offers an easy way to set up encrypted file systems using the LUKS standard with the cryptsetup package. You’ll need to enter a decryption passphrase to mount the volume whenever the system boots.

Package installation

Install the required packages:

# aptitude install e2fsprogs cryptsetup

Partitioning

Use your favourite partitioning tool, for example fdisk or cfdisk to set aside a whole partition with enough space to store your data.

Erase

This step is optional. For complete security you want the contents of the disk to be random before you start using it. Use the badblocks tool to do this.

# badblocks -c 10240 -s -w -t random -v /dev/sdX9

Format

The luksformat tool will format a partition to be used with LUKS (Linux Unified Key Setup) and then create a filesystem on it.

# luksformat -t ext3 /dev/sdX9

crypttab and fstab

Now all that remains is to a line in each of these config files.

Add this line to /etc/crypttab:

myname /dev/sdX9 none luks

The crypttab file is examined by the system during boot. Each line maps a real encrypted device file (/dev/sdX9) to a virtual decrypted device file (/dev/mapper/myname). Once you’ve added done this run the following command to actually set up the mapping:

# /etc/init.d/cryptdisks restart

Now you can set up that virtual device file to be mounted like any other. For example, the following command would mount your filesystem:

# mount /dev/mapper/myname /mnt

Note that you should probably use partition UUIDs (UUID=XXXXX) in place of device file names (/dev/sdX9) in your crypttab for a more robust system. The easiest way to find these is by running:

# ls -l /dev/disks/by-uuid

Add a line like this to /etc/fstab

/dev/mapper/myname /path/to/mountpoint ext3 defaults 0 2

Apple Keyboard on Linux

delx — Tue, 21 Apr 2009 06:20:11 +0000

The Apple aluminium keyboards are very nice. I recently bought one for an Ubuntu Linux machine, and it requires some special configuration to work as expected.

This post describes how to fix the function keys and swap command (windows or ‘super’) keys with the alt (or option) keys.

This command will fix the function keys, it saves you pressing fn-F1 whenever you want F1. The first command is for older kernels, the second is for version 2.6.28 or later.

# echo 2 > /sys/module/hid/parameters/pb_fnmode
# echo 2 > /sys/module/hid_apple/parameters/fnmode

Then add that line to your /etc/rc.local file, somewhere before the exit 0 at the end, so that it gets run on startup.

Next to swap the Command/Alt keys using xmodmap. I’m aware you can do this from the Gnome Keyboard Settings panel, but I’ve found this method works better. Particularly when combined with synergy.

Create a file called ~/.xmodmaprc with this inside:

clear mod1
keycode 115 = Alt_L
keycode 116 = Alt_R
keycode 64 = Super_L
keycode 113 = Super_R
add mod1 = Alt_L Alt_R

On another computer I’ve found this worked:

clear mod1
keycode 133 = Alt_L
keycode 134 = Alt_R
keycode 64 = Super_L
keycode 108 = Super_R
add mod1 = Alt_L Alt_R

Now run to activate the new keys, run:

$ xmodmap ~/.xmodmaprc

Don’t forget to add it to your list of startup programs. If you’re using Gnome, look at System->Preferences->Startup Applications
Otherwise you can just add it to ~/.xsession

To find the keycodes above I used the xev program. Try running it from a console. It shows you all X11 events that the xev window receives, including key presses/releases.