How to recover crypted home directory in Ubuntu


UPDATE: this topic is also covered in a better way at Dustin Kirkland’s blog
Locked hard drive

From some versions ago, Ubuntu provides the facility of setting up the home folder of his users as cyphered directories. This method secure all the documents of the user from any kind of attacks (once the user is not logged in) but what happens if something goes wrong and… you cannot boot the machine anymore? Well, the pc doesn’t recognize its user, you, and you are unable to get your data if you boot from an external hard drive or cd or usb. If you try to boot using an extern device like those, you will find your home directory empty. So… How do we recover data in this case?

If you try to mount your /home partition and try to recover your data you get this error:

root@ubuntu:/home/goshawk# ecryptfs-mount-private
ERROR: Encrypted private directory is not setup properly

During my everyday use i have been in this kind of problems. Don’t ask me how and why, but i accidentally run a rm -fr /sbin so my system was unable to boot. To recover my cyphered data i did the following:

  1. Boot from cd or usb with a live version of Ubuntu
  2. Mount your home partition in /home
  3. Create an user with the same name as your broken system username (in my case goshawk) and run ecryptfs-mount-private like i did in the following console log.

root@ubuntu:/home/goshawk# adduser --no-create-home goshawk

Adding user `goshawk' ...
Adding new group `goshawk' (1000) ...
Adding new user `goshawk' (1000) with group `goshawk' ...
Not creating home directory `/home/goshawk'.
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for goshawk
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y
root@ubuntu:/home/goshawk# su goshawk
keyctl_search: Required key not available
Perhaps try the interactive 'ecryptfs-mount-private'
goshawk@ubuntu:~$ ecryptfs-mount-private
Enter your login passphrase:
Inserted auth tok with sig [50a77c517a0463e0] into the user session keyring

INFO: Your private directory has been mounted.
INFO: To see this change in your current shell:
cd /home/goshawk

goshawk@ubuntu:~$ cd /home/goshawk/
goshawk@ubuntu:~$ ls
Amule				  Music
Aptana Studio Workspace		  n900
bin				  Piano.pdf
Desktop				  Pictures
DeusSito_2010_03_26.zip_[lZ4293]  plecno2
Documents			  Public
Downloads			  Random Exercises.pdf
GrayHatPython.epub		  RegDid0809-509-CLSINFMi.pdf		  specialistica poli
GrayHatPython.pdf		  Templates
Immagine 1.png			  TimeShift-20100327T003250.m2t
Jocart.png			  Videos

Et VoilΓ . As you can see i was finally able to run an ls and see all my data correctly there. Mission Accomplished. πŸ™‚

Kubuntu: knetworkmanager and kdebluetooth sucks! let’s use better tools
How to bypass blocks

Leave a Reply

%d bloggers like this: