I just did a security patch upgrade on an Ubuntu Karmic server. I know, Lucid is out but I'm not ready to jump on that bandwagon with any more servers yet.

Immediately after the upgrade, I noticed that SSH logins took literally forever and were followed by:

timeout in locking authority file: .Xauthority

It turns out that something with this latest upgrade caused my home directory to not be writable by... me. This was definitely not a problem before the upgrade. I'm assuming it will only affect those using encrypted home directories.

Quick fix: after logging in as myself, I did:

sudo chmod u+w /home/[yourdirectory]

It didn't have to be done recursively because all of the subdirectories had retained their permissions.

This HOWTO assumes you are already an Ubuntu 8.04 or 8.10 server administrator, and have a good level of understanding that goes along with that. If you don't know how to use "vi" or "nano", or you don't understand basics of XML files, this tutorial is not for you.

With so many companies experiencing data breaches due to external backup media, we take a bit of extra precautions with our data. Considering that we deal with electronic medical records, having our backups encrypted is a necessity.

Our workflow system creates backup DVD's of data, but restoring from those DVD's would take weeks at best due to the sheer volume of information we store. I've never been a fan of using magnetic media for backups, particularly hard drives, but in this case we have one copy of the data on DVD's and just need a media that allows for faster restores.

We decided to use external 1 TB USB hard drives from Western Digital. This left us with the challenge of encrypting the data, and making the backup drives easily swappable without needing root access.

Getting Ready

First, a few packages are needed. In our Ubuntu servers we had to install the following (your mileage may vary):

sudo apt-get install cryptsetup hashalot hal pmount ivman
  

I've had several "subscriptions" for PGP Whole Disk Encryption. What I didn't truly understand when I spent my ungodly amount of money on them was that after a year you don't just stop getting "subscription support." If you don't re-up, your hard drives decrypt and the software is crippled. Apparently now they are offering a "perpetual license" for less than I paid for my "subscriptions."

Yeah... how nice. Talk about money down the drain.

I also attempted over a week ago to contact their customer support because I purchased the original licenses through CDW and I no longer use them as a vendor. The only response I received was an automated "someone will contact you within 24 hours." Apparently their 24 hours is much, much longer than mine.

So, I'm now in the process of decrypting several laptops (12 hour process each), then installing TrueCrypt, a free open-source package that provides the same functionality of PGP Desktop, and re-encrypting the drives with the new software.