Ubuntu: Mount Encrypted Home Directory (~/.private) From an Ubuntu Live CD

May 13, 2010 · 13 comments · Last updated May 13, 2010

Recently my old desktop system crashed and I bought a new Ubuntu laptop from Dell. To access my data from the old HDD, I've attached my desktop hard disk using an external USB case. Now my old data is stored on an external USB hard disk. How do I recover data from the encrypted ~/.private home directory using an Ubuntu Live CD and copy it to the existing laptop drive using a known passphrase?

You can easily mount Ubuntu Encrypted Private or Encrypted Home directories from an Ubuntu LiveCD.

Step # 1: Boot From LiveCD

Use the Ubuntu Live CD to boot the system. Attach the external USB hard disk to the system. If it was automounted, just unmount it.

Step # 2: Chroot To Old Hard Disk

Open terminal and type the following command to find USB device name:
$ sudo -s
# fdisk -l

Mount USB device at /media/chroot, enter:
# mkdir -p /media/chroot
# mount /dev/sdb1 /media/chroot

Replace /dev/sdb1 with the actual USB device name.

Mount /proc file system inside /media/chroot

Type the following commands:
# D=/media/chroot
# mount -o bind /dev $D/dev
# mount -o bind /sys $D/sys
# mount -o bind /dev/shm $D/dev/shm
# mount -o bind /proc $D/proc

Optional: give access to the laptop hard disk inside the chroot:
# mkdir $D/data
# mkdir /data-recovery
# mount --rbind /data-recovery $D/data

Chroot to $D

Type the following commands to enter your old hard disk and switch to your user account:
# chroot $D
# su - username

For example, for the user vivek:
# su - vivek

Replace vivek with your actual username.

Mount Encrypted Home Directory

Type the following command:
$ ecryptfs-mount-private
The above will interactively prompt for the user’s login password. Once entered you can access data at /home/vivek:
$ df | grep vivek
$ cd /home/vivek
$ ls
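
A pre-flight check for this step, as an added example that is not part of the original article: run from the Live CD before the chroot, it confirms that the old disk carries the eCryptfs metadata and the encrypted data directory that ecryptfs-mount-private works from. The function names are hypothetical, and the file locations assume the standard ecryptfs-utils layouts used by Ubuntu (whole home encrypted under /home/.ecryptfs/USER, or only ~/Private encrypted under /home/USER).

```shell
#!/bin/sh
# Added example, not from the original article. Run as root from the Live CD
# (outside the chroot) before ecryptfs-mount-private.
# Assumption: the stock ecryptfs-utils on-disk layouts used by Ubuntu.

# find_ecryptfs_base ROOT USER
# Prints the directory holding .ecryptfs/ and .Private/; returns 2 if none.
find_ecryptfs_base() {
    # 1st candidate: whole home encrypted; 2nd: only ~/Private encrypted.
    for base in "$1/home/.ecryptfs/$2" "$1/home/$2"; do
        if [ -d "$base/.ecryptfs" ]; then
            echo "$base"
            return 0
        fi
    done
    return 2
}

# check_ecryptfs_layout ROOT USER
# Prints one line per problem; returns 0 only when nothing is missing.
check_ecryptfs_layout() {
    missing=0
    if ! base=$(find_ecryptfs_base "$1" "$2"); then
        echo "no eCryptfs metadata for $2 under $1/home (separate /home partition?)"
        return 2
    fi
    # Wrapped mount passphrase, key signature(s) and mount point.
    for f in wrapped-passphrase Private.sig Private.mnt; do
        if [ ! -s "$base/.ecryptfs/$f" ]; then
            echo "missing or empty: $base/.ecryptfs/$f"
            missing=1
        fi
    done
    # Encrypted lower directory holding the actual file contents.
    if [ ! -d "$base/.Private" ]; then
        echo "missing: $base/.Private"
        missing=1
    fi
    return "$missing"
}

# Example: check_ecryptfs_layout /media/chroot vivek
```

A return code of 2 means no metadata directory was found at all, which is what happens when /home lives on a separate partition that has not yet been mounted at /media/chroot/home.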

How Do I Copy Data To Laptop?

Simply use the cp or rsync command. Make sure the laptop hard disk is also mounted from the LiveCD:
$ cp -avr /home/vivek/data.dir/ /data
Make sure /data is accessible inside the chroot using the mount command (see above). When you exit from the chroot jail, you should see your data at the following location:
# ls /data-recovery

How Do I Copy Data To Another System Over LAN?

Use rsync / scp / sftp command as follows:
$ rsync -av /home/vivek/data/dir1 user@server1:/data/to/dest
$ scp /path/to/file user@192.168.1.5:/dest


{ 13 comments… read them below or add one }

1 Relativ!3 May 16, 2010 at 12:29 pm

Hey Vivek,

Like always your posts are great and much appreciated.

Greets :)


2 Jeff June 1, 2010 at 4:24 pm

I’m a little confused- your whole home directory was encrypted, or just the “private” subdirectory of your home directory. Is the default in Ubuntu to encrypt the entire home directory?


3 nixCraft June 1, 2010 at 4:31 pm

Under Ubuntu ~/.private is mounted as /home/you; so yes whole home directory was encrypted. My last well known backup was 7 days old. Now, I’ve ordered one of those tiny desktop NAS devices to store backup snapshots. No more external USB for me.


4 Jeff June 1, 2010 at 5:32 pm

Ok- I have the latest version of Ubuntu, but only from a series of upgrades- my only encrypted directory is /home/user/private

this must be a carry over from earlier versions of Ubuntu- hopefully I can get back into the directory, as the system is borked and I’m having to migrate to a new installation


5 Goksu June 7, 2011 at 6:24 am

Thank you for the post. It helped me a lot.

When the home directory is on a separate partition, you need to mount it.
To do so, after # mount -o bind /proc $D/proc you should do a

# mount /dev/whereeverthepartitionis $D/home

otherwise you get an error /home not found after chroot.

Very good post overall.

note: You may also want to do a
ecryptfs-unwrap-passphrase /home/.ecryptfs/ubuntu_user/.ecryptfs/wrapped-passphrase
and write down the passphrase someplace too for future reference.


6 manu September 27, 2011 at 4:09 pm

Thanks man, very helpful post.
Two questions:
1.) I wonder if there’s an easier way than yours while on a running Kubuntu installation, cause on Ubuntu you can just click the folder and get a password dialog, can you?
2.) How do I chroot back to my system? :D I just rebooted for now.

Cu.


7 Eshwar October 19, 2011 at 7:33 am

When I do mkdir $:/data I get an error – cannot create, permission denied.


8 Eshwar October 19, 2011 at 7:37 am

I have the data in my laptop and booted with usb and trying to copy the data from my laptop to usb drive.
When I do mkdir $D/data I get an error – cannot create, permission denied.


9 Edward February 19, 2012 at 6:32 pm

Vivek Gite,
After a major server failure (clocksource error) and the thought of losing 8+ months of work (as we lost backup as well), rebuilding our server and blaming everything under the sun, this, and some other FAQs/forums being one of them, was a massive help. We recovered all of our work and learnt a hell of a lot about Ubuntu.

Many thanks – Crona Ltd

Ed & Dave


10 Ron February 24, 2012 at 3:48 am

Hi Vivek,

Very helpful post, if I can get it all working!

When I tried your technique to mount my old encrypted home drive, it fails (Under ubuntu 11.10 live) like this:

root@ubuntu:/# su - myusername
open: No such file or directory
Error locking counter
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

I copied and pasted your commands into my terminal window, still I receive that error when I issue the “su - username” command.

Can you offer any suggestions?

Thank you for this post, and any help you can offer.

Ron


11 Lazza July 18, 2012 at 9:34 am

I had the same error as Ron. I followed the “long way” in this wiki article to mount my encrypted home: https://help.ubuntu.com/community/EncryptedPrivateDirectory#Long_way


12 Mac TheMac August 19, 2012 at 5:27 pm

Hello,

I also like this post. Since I encounter the same problem as Ron and Lazza, I wonder whether anyone has a solution?

I get at some point the message

user@host:~/#ecryptfs-mount-private
ERROR: Encrypted private directory is not setup properly

But the encryption was automatically done during installation… ?

It would be great if anyone has an idea.
Mac


13 Lazza August 19, 2012 at 8:55 pm

Use the link I provided to access your data, after that, you should back it up in clear form and maybe create a new user with an encrypted home setup, then copy all the data back and delete the old user. ;)
