LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   How does one change login passphrase (to unlock encrypted home directory) (http://www.linuxquestions.org/questions/linux-security-4/how-does-one-change-login-passphrase-to-unlock-encrypted-home-directory-845728/)

tonyfreeman 11-22-2010 12:52 AM

How does one change login passphrase (to unlock encrypted home directory)
 
Hello,

I just installed the testing version of Debian with the option to setup encrypted home directories. I used a passphrase that I now want to change to something else. How do I do that?

win32sux 11-22-2010 02:57 AM

Quote:

Originally Posted by tonyfreeman (Post 4166732)
Hello,

I just installed the testing version of Debian with the option to setup encrypted home directories. I used a passphrase that I now want to change to something else. How do I do that?

Is your account password being used as the passphrase for the encryption key? If so, just use the passwd command.

tonyfreeman 11-22-2010 09:43 AM

passphrase for mouting / (root) directory
 
The passphrase is different from my password.

I miss informed in my earlier post (it was late for me) it is not only the home directory that is protected by the passphrase but the root '/' directory. Booting the machine stops for me to type in the passphrase. This is good and is what I want ... but now I realize that my passphrase could be guessed a lot easier than I thought ... so i want to change it.

baltazar3 11-22-2010 09:43 AM

Assuming Debian uses cryptsetup for this, you can use cryptsetup luksAddKey and cryptsetup luksRemoveKey. See man cryptsetup.

tonyfreeman 11-22-2010 09:12 PM

cryptsetup luksAddKey / luksRemoveKey
 
Thanks ... that helped me get the crappy passphrase changed.

The process was to add the new passphrase, test it, remove the old passphrase:

Code:

cryptsetup luksAddKey /dev/sda5
That asked me for the existing passphrase which I provided and then enter my new passphrase twice. I rebooted and provided this new passphrase to make sure it worked. I rebooted once again and provided the old passphrase and that worked as well.

Code:

cryptsetup luksRemoveKey /dev/sda5
I provided my old passphrase (the one I wanted to remove) and then had to provide my 'remaining' (new) passphrase for confirmation.

Thanks for your help


All times are GMT -5. The time now is 09:53 AM.