How do I password protect my USB installation?

Forum: Other Help Topics
Topic: How do I password protect my USB installation?
started by: mreintz

Posted by mreintz on July 06 2006,10:13

Hi all,

I'm no stranger to Linux but I'm a bit new to DSL's way of saving some information and not other. I've tried a lot of Googling before resorting to asking you guys. Maybe I'm just a bad Googler, but I'd sure appreciate some help.

OK, what I've got right now is the embedded version of the 3.0.1 revision of DSL running on my USB key (this one: < ftp://ibiblio.org/pub....d.zip). > I've not installed it to my hard disk and I'm not booting from the USB key; I'm just running the dsl-windows.bat script.

I've set up the environment as I like it with RSA keys and e-mail accounts and want to use it as my "PortaLinux" when I'm travelling. My only problem is security! How do I password protect this?? I've tried:

$ sudo passwd dsl

This apparently lets me set up a password, but I'm never prompted for it when I reboot.

adding "secure" to the dsl-windows.bat script

This prompts me for passwords, but when I reboot it prompts me again! I want it to ask for the password I stated before!

adding "protect" to the dsl-windows.bat script

This apparently makes a new file image encrypted with my key, but where do I retrieve it? The next time I boot it just prompts me again, and if I boot without the "protect" option I'm back to the unprotected image.

I realize I'm 99% being very stupid about this but I really can't figure it out.

A big thanks to anyone who can help me on this!

Posted by mreintz on July 07 2006,12:23

Pretty please...?

Posted by roberts on July 09 2006,01:17

It is protect that you would want to use.
And pick a password of 8 or more characters.

But, once done, then delete the back.tar.gz otherwise
without the password the backup.tar.gz would be loaded up.

Without the backup.tar.gz and without the correct password then the backup.des is not loaded.
Using protect boot option makes the backup triple des protected.

Posted by mreintz on July 09 2006,07:30

Hey thanks! I knew it had to be something like that. I'll try it out as soon as I can get my hands on a Windows box. BTW, when I tried this out earlier it looked as though it would prompt me for a new password each and every time I booted with the PROTECT option. Did I remember incorrectly or am I supposed to use the PROTECT keyword when starting the image and some other when booting an already existing image?

I guess I'll be able to find out once I've got that Win box :-)

Again, thanks!

Posted by mreintz on July 09 2006,18:17

Hi again,

I've tried this, and still can't figure it out. If I leave the PROTECT keyword in the "dsl-windows.bat" file, it will always prompt me for a new password every time I boot the image. If I remove it, it backs up to my unprotected image, as you said.

I tried finding and removing the backup.tar.gz file as instructed, but can't find it anywhere. In the "linux file system" I did a find / backup* to no avail. In the Windows file system there's no such thing. There is a 60MB file called "harddisk" which seems to contain the entire image. There's another one called KNOPPIX which seems to contain the OS. If I delete "harddisk", it will *not* re-generate itself.

I've tried to see if there are any new files popping up, but there aren't. What am I missing?? :-(

I'd really appreciate some more help, since apparently I'm a total n00b ;-)

Posted by roberts on July 09 2006,19:26

Posted by mreintz on July 09 2006,20:23

Quote (roberts @ July 09 2006,15:26)

protect when first used, having no prior .des file will restore the existing backup.tar.gz, then upon a normal shutdown an encrypted .des backup file will be created using your protect passwd. At this point I do not automatically delete the old exising backup.tar.gz file. It is up to you to do this step.

Okay, but I cannot find the backup.tar.gz file. Where is it?

upon subsqeuent booting, the protect option is not asking for a new password but the password that must match that which was used to encrypted the backup file.

This does not happen to me. I think QEMU does not find my .des file, because it prompts for a new password (twice), then proceeds to boot a whole new "plain" image.

If it does not match then no restore will occur, unless, of course, you did not remove the old backup.tar.gz. That is why I instructed you to remove it. Otherwise it can become confusing.

Your second issue is a Qemu issue. Qemu with default setting has no access to real drives, only a virtual harddrive which does contain the starting backup.tar.gz. You should not remove the harddrive unless you become more familiar with Qemu and its support files, including their image file creation tools.

I think I'm not getting you, I'm sorry :-( Isn't it enough to use the image in the "harddisk" file? Do I need to make a real hard disk partition in order to protect it? Or am I supposed to unpack the harddisk file to get to the backup.tar.gz file? If so, how?

Hi again,

Please see further questions inserted above. I'm sorry for being so dense ;-)

Posted by mreintz on July 15 2006,10:41

Hi again,

Well, I guess I'll never figure this out. I don't know where the backup.tar.gz or backup.des files are, and I don't see how I can make QEMU boot from one and not the other. If any of you know what I'm not seeing I sure would appreciate a pointer or two, preferably in a less cryptic format :-(

BR