Can't open encrypted HDD

36 replies [Last post]
hack and hack
Offline
Joined: 04/02/2015

This internal HDD is displayed in Nautilus,
and I am prompted to input the passphrase.
But it doesn't work.

It was encrypted during the install.

On another machine, I had to open gnome-disks as sudo,
then I could open the HDD.

Isn't it better (and possible) to just unlock from the normal user?

albertoefg
Offline
Joined: 04/21/2016

Open it with root.

Change file and directory permissions to proper user or group

hack and hack
Offline
Joined: 04/02/2015

Thanks a lot albertoefg. I'll try from the CLI since sudo Nautilus doesn't look right (even if I installed nautilus-admin).

EDIT: It seems I should use gksu (or gksudo), but those seem deprecated. I'll read a bit more about these.

hack and hack
Offline
Joined: 04/02/2015

additional info: sudo nautilus looks weird (not only the GTK), the disk isn't displayed.

hack and hack
Offline
Joined: 04/02/2015

pkexec nautilus (after installing nautilus-admin and restarting) gives me:
Error executing command as another user: not authorized.

hack and hack
Offline
Joined: 04/02/2015

I donwloaded a policykit agent, and modified the path in .xinitrc to launch it on startup and rebooted.

Now I have (authenticating as the normal user and inputting the sudo passphrase when asked for):
polkit-agent-helper-1: error response to Policykit daemon: GDBus-Error: org.freedesktop.PolicyKit1.Error.Failed: no session for cookie
==== AUTHENTICATION FAILED ===
Error executing command as another user: Not authorized

albertoefg
Offline
Joined: 04/21/2016

What happens when you decrypt and open with a terminal?

albertoefg
Offline
Joined: 04/21/2016

Try gksudo nautilus it will look different because root has its own themes. Don't worry. With Nautilus decrypt it and check permission.

You said you opened it as root before. Once I did that and after that my normal user didn't have the permissions to use the disk :/
It was weird.

hack and hack
Offline
Joined: 04/02/2015

But isn't gksudo deprecated? But I can install it and try, no problem.

I've never opened this one yet, but I do open external encrypted HDD on my other PC but with gnome-disks, and with sudo.

hack and hack
Offline
Joined: 04/02/2015

Oh right, I forgot this option ^^"
Let me figure out how and I'll try.

hack and hack
Offline
Joined: 04/02/2015

OK, gksudo gave me the exact same result as sudo:
* odd display
* no access to the locked drive

I still have pkexec to fix hopefully (since it's the recommended way), and through the command line (most likely like this: https://askubuntu.com/questions/63594/mount-encrypted-volumes-from-command-line).

albertoefg
Offline
Joined: 04/21/2016

Don't forget to reboot, sometimes it helps. Or power PC off and turning it on

hack and hack
Offline
Joined: 04/02/2015

Right, I forgot.
Unfortunately, no luck with gksudo anyway.

As for pkexec,
I want to try again:
* On another machine with gnome shell, the command "pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY" is the only one that worked.
* it's odd as no files related to nautilus in the /usr/share/policykit1/actions, whereas installing nautilus-admin installed it on the non-working machine.

albertoefg
Offline
Joined: 04/21/2016

What's the output of

cat /etc/fstab

albertoefg
Offline
Joined: 04/21/2016
hack and hack
Offline
Joined: 04/02/2015

I find in fstab the 3 logical volumes /root /home and /swap, and /boot.
The 2 other HDD which I can see in Nautilus (but can't in sudo nautilus) are not there.

Anyway, I'm off the computer for a few days, but please keep the ideas coming.

Even better: isn't there a file manager that just works?
Thunar and PCmanFM don't automount thumbdrives easily, and definitely can't turn off/spin down an eternal HDD.
And Nautilus is buggy as root.

This tip looks interesting in addition to PCmanFM or Thunar (from https://askubuntu.com/questions/633027/eject-usb-drive-action-for-pcmanfm):
In lxpanel right-click and select 'Add / Remove Panel Items'. Add a new 'Application Launch Bar' and position it before (or somewhere around) 'Digital Clock' that should be already there. In the newly added 'Application Launch Bar' add as application the 'Preferences / Disks'. This is the gnome-disks application that comes with Lubuntu.
If you need to do something with your disks, then just click the Disks icon in the panel. You select the disk and Power Off from the top menu.
This is same as handy as 'Safely remove hardware' in Windows OS, and the above positions it more or less in same place as the Windows has it in desktop.

Automounting drive has to work though. It seems it's possible if PCmanFM is runn as a daemon.

But frankly I'd rather have Nautilus properly working as root.
I will have to dig through this https://wiki.archlinux.org/index.php/Polkit#Authentication_agents

albertoefg
Offline
Joined: 04/21/2016

This is the reason why I use parabola now.

I read somewhere that "stable" is usually not, as many bugs are fixed constantly, and the quality of the GNU/Linux software is better everyday.

That convinced me and I am happy on parabola now :)

I would suggest you to try it. After all you use I3wm and it seems like Parabola and i3wm are perfect match. Thats what I use after all.

hack and hack
Offline
Joined: 04/02/2015

I'm tempted. What about constant fixes and all that?
Is it really troublesome, or only something to check before updating?

EDIT: After reading the installation guide, the Debian expert text install looks easy in comparison.
Most likely too much for me.
Maybe I should try Debian unstable.

Btw, in the earlier post, I meant obviously "internal HDD". There's no known way to stop/spin down an "eternal" HDD yet :P

albertoefg
Offline
Joined: 04/21/2016

The hardest part is the installation.

But if I could do it I am sure you can.

I have encrypted drive with F2FS file system. Most things work perfectly.

You can watch a few videos on how to install arch and if you want something special you can tell me maybe I can help you.

I've had less problems with parabola than Fedora, Ubuntu or Trisquel.

More software and easier management after installation.
And all the bugs I've filled are fixed within a day.
Debian ain't bad option though.

hack and hack
Offline
Joined: 04/02/2015

Even PCmanFM as root doesn't display my drives (displayed as non-root).
It's kind of reassuring for Nautilus with gksudo (besides the odd looks).
Less regarding pkexec, but oh well.

It's less reassuring regarding unlocking my drives.
Well, I can reformat them with Gparted if I have to.
I'll try gnome-disks first.

albertoefg
Offline
Joined: 04/21/2016

Did you try with the other machine, the one that did work to open the disk and change file permissions??

Mangy Dog

I am a member!

I am a translator!

Offline
Joined: 03/15/2015
hack and hack
Offline
Joined: 04/02/2015

No worries, the HDD is encrypted but empty for now. Thanks though, this might work just fine.

EDIT:
* I mounted the drive
* I unlocked it
* I formatted the partition as ext4
* I changed the owner and group as the user
* I could see the drive in Nautilus at this point, but no way to get inside if not using sudo Nautilus
* After rebooting, I can't open gnome-disks as root, and neither can I unlock the drive as non-root, regardless of the modifications I've made.

This is officially the buggiest/most haunted install I've ever done up to this point.

hack and hack
Offline
Joined: 04/02/2015

It's complicated, it's an internal HDD, and the working machine is a laptop.
It might work with gnome-disks as sudo or gksudo, I didn't try yet.

albertoefg
Offline
Joined: 04/21/2016

:/

Hope it works.

hack and hack
Offline
Joined: 04/02/2015

I didn't succeed in opening gnome-disks as root.
G_IS_DBUS_CONNECTION failed
G_IS_DBUS_PROXY failed

Just a quick recap about this hacked install:
* encrypted internal HDD not recognized as root (same with different file managers).
* I can input the passphrase as the normal user, but opening is "not authorized".
* pkexec doesn't work (and when it works on a working machine, the command is too complex/long)
polkit-agent-helper-1: error response to Policykit daemon: GDBus-Error: org.freedesktop.PolicyKit1.Error.Failed: no session for cookie
==== AUTHENTICATION FAILED ===
Error executing command as another user: Not authorized

* I tried system updates
* Trying Parabola is a good last resort
* Oh, I can try to reformat it with Gparted, forgot about that.
* I can try again Ranger, though I'm not comfortable with it (and sometimes the mouse is faster than the keyboard). EDIT: "Ext. drives can be mounted with udev or udisk". Headache... Forgetaboutit.
* Repeatedly, I've read that running a graphical file manager as root is a bad idea. Still, this is a very specific case. But I still have to try via the command line interface.

hack and hack
Offline
Joined: 04/02/2015

I reformatted the drive with Gparted:
* I can only use Gparted as root, therefore the drive is owned by root.
* changing the rights sems to work this time.
* I can encrypt again from there, and hopefully I'll be able to make it accessible from non-root Nautilus.

I can most likely encrypt the drive after the install, but it's not normal.
I've looked at the Parabola install process, it's beyond the time I want to invest in it.
I can try to encrypt manually first, and see how it goes, then I can try yet another fresh install.

I can't see why I'd need to add myself to the input group (never had to do that before, though I've never had to leave /boot unencrypted either), and why accessing encrypted drives during the install is so complicated.

hack and hack
Offline
Joined: 04/02/2015

Nautilus sees and unlocks an encrypted external HDD amazingly well.
I'll try encryption again on the internal HDD and see how it goes. If it works, I most likely did something wrong during the install.

Here's a possible reason why Nautilus doesn't see the internal HDD: The path I told it to be mounted on wasn't on /media but on /home. https://askubuntu.com/questions/207288/nautilus-does-not-display-drives-properly

hack and hack
Offline
Joined: 04/02/2015

After yet another install, I configured the drives to be mounted on /media/folder1 and /media/folder2.

I was rewarded with systemd's cyclone eye. Great.

So Since I'm getting tired of all these bugs (not strictly Trisquel related), I'll just encrypt them after the install with this https://davidyat.es/2015/04/03/encrypting-a-second-hard-drive-on-ubuntu-14-10-post-install/

Hopefully this will work.

hack and hack
Offline
Joined: 04/02/2015

After encrypting the HDD and enabling the keyfile,
I can't access the console anymore.

After booting and unlocking the main drive (SSD), it tries to unlock the newly encrypted HDD with the keyfile, and...
I'm into emergency mode, and it says the root account is locked.

Of course it's locked, I didn't even have the time to input my username and passphrase.
I guess it's better than the cyclone eye...

Chances are it's the modifications if fstab that did it (from the little I could gather). I'll try chrooting.
Here's what I did, following the tutorial:
/dev/mapper/sdb1_crypt /media/folder ext4 defaults 0 2

I followed everything to the letter, so to speak.
I don't understand what's going on.

hack and hack
Offline
Joined: 04/02/2015

I don't know how to chroot.
Following this guide(https://stephentanner.com/restoring-grub-for-an-encrypted-lvm.html), vgscan is nowhere to be found on the LiveCD.
Also, I'm not even sure I'm unlocking the proper path.

Legimet
Offline
Joined: 12/10/2013

From the Live CD, install the package lvm2.

hack and hack
Offline
Joined: 04/02/2015

Thank you, now I'm in. Well, I couldn't mount /usr ("write-protected", then "does not exist").

But I can access fstab anyway.
I don't know what to change though.
I commented the new lines out for now, and I can access my install again.

I'll read a bit more about fstab for now.

hack and hack
Offline
Joined: 04/02/2015

* I still can't access my drives without decrypting them and mounting them.
* one of the drives isn't even encrypted yet, and I can't mount it in nautilus. I must mount it from the CLI (can't just click on it to mount because I need root privileges).
sudo chown : / -R doesn't change a thing. Neither does rebooting.
* fstab is supposed to take care of that, but... right, I need to check both xorg and some other log.
* I can see both drives though because I labeled them from /media in Gparted. But they're invisible in pkexec nautilus (pkexec nautilus kinda works after sudo -i).

hack and hack
Offline
Joined: 04/02/2015

Here's the journalctl -xb log:
https://pastebin.com/bBJt2zEj
Some lines are supposed to be in black (don't seem like errors), some are in red.
I remember one about the CPU thermal probe not working or something.
But what interest us is the repeating lines in the end, about cryptsetup, or anything crypt really. A quick search should get you there.

And the one for Xorg, since I noticed some errors during the boot process:
https://pastebin.com/UNFWTNxS

hack and hack
Offline
Joined: 04/02/2015
hack and hack
Offline
Joined: 04/02/2015

The "plain" option did the trick.
Another possibility is that it was an incomplete entry in crypttab (while the other HDD wasn't configured... ), but I don't feel like checking at this point.

So it was complicated, as usual, but it's solved at last.