How to Recover an Encrypted Home Directory on Ubuntu

While the home-folder encryption in Ubuntu is far from a perfect solution (there is considerable data leakage from the swap file and the temp directory - for example once I've observed the flash videos from Chromium porn private browsing mode being present in the /tmp directory), it is a partial solution nevertheless and very easy to set up during installation. However what can you do if you need to recover the data because you dismantled your system?

Credit where credit is due: this guide is taken mostly from the Ubuntu wiki page. Also, this is not an easy "one-click" process. You should proceed carefully, especially if you don't have much experience with the command line.

Start Ubuntu (from a separate install, from the LiveCD, etc) and mount the source filesystem (this is usually as simple as going to the Places menu and selecting the partition). Start a terminal (Alt+F2 -> gnome-terminal) and navigate to the partitions home directory. Usually this will look like the following:

cd /media/9e6325c9-1140-44b7-9d8e-614599b27e05/home/

Now navigate to the users ecryptfs directory (things to note: it is ecryptfs not encryptfs and your username does not coincide with your full name - the one you click on when you log in)

cd .ecryptfs/username

The next step is to recovery your "mount password" which is different from the password you use to log in (when it asks you, type in the login password used for this account - for which you are trying to recover the data). Take note of the returned password (you can copy it by selecting it and pressing Shift+Ctrl+C if you are using the Gnome Terminal)

ecryptfs-unwrap-passphrase .ecryptfs/wrapped-passphrase

Now create a directory where you would like to mount the decrypted home directory:

sudo mkdir /media/decrypted

Execute the following and type in (or better - copy-paste) the mount password you've recovered earlier

sudo ecryptfs-add-passphrase --fnek

It will return something like the following. Take note of the second key (auth tok):

Inserted auth tok with sig [9986ad986f986af7] into the user session keyring 
Inserted auth tok with sig [76a9f69af69a86fa] into the user session keyring

Now you are ready to mount the directry:

sudo mount -t ecryptfs /media/9e6325c9-1140-44b7-9d8e-614599b27e05/home/.ecryptfs/username/.Private /media/decrypted
 Passphrase:  # mount passphrase
 Selection: aes
 Selection: 16
 Enable plaintext passthrough: n 
 Enable filename encryption: y # this is not the default!
 Filename Encryption Key (FNEK) Signature: # the second key (auth tok) noted

You will probably get a warning about this key not being seen before (you can type yes) and asking if it should be added to your key cache (you should type no, since you won't be using it again probably).

That's it, now (assuming everything went right) you can access your decrypted folder in /media/decrypted. The biggest gotcha is that home/username/.Private is in fact a symlink, which - if you have an other partition mounted - will point you to the wrong directory, so you should use the home/.ecryptfs/username directory directly... If this does work you try this from this ubuntu tutorial ...

Or you can also try this Live CD method of opening a encrypted home directory

How to remove icons from Top-Taskbar on Gnome

You are using the Gnome-Classic interface - either you are using this by choice, or you are using the fallback  mode which occurs if your graphics card & driver doesnt the 3D Acceleration required for the full Gnome-Shell GUI.

To add and remove application launchers in the gnome-panel you need to:

Press Win+Alt and right-click the top menu bar - N.B. Win is the Windows Symbol key

If you are not using Compiz then you need to :

Press Alt and right-click the top menu bar

Much more information is described in the linked Q&A and other links in that answer.

How to Install vsftpd on Ubuntu and Add New User

Warning: FTP is inherently insecure. If you must use FTP, consider securing your FTP connection with SSL/TLS. Otherwise, it is best to use SFTP, a secure alternative to FTP.

The first two letters of vsftpd stand for "very secure" and the program was built to have strongest protection against possible FTP vulnerabilities.

Step One—Install vsftpd

You can quickly install vsftpd on your virtual private server in the command line:

sudo apt-get install vsftpd

Once the file finishes downloading, the VSFTP will be on your droplet. Generally speaking, it is already configured with a reasonable amount of security. However, it does provide access on your VPS to anonymous users.

Step Two—Configure vsftpd

Once vsftpd is installed, you can adjust the configuration.

Open up the configuration file:

sudo nano /etc/vsftpd.conf

The biggest change you need to make is to switch the Anonymous_enable from YES to NO:

anonymous_enable=NO

Prior to this change, vsftpd allowed anonymous, unidentified users to access the server's files. This is useful if you are seeking to distribute information widely, but may be considered a serious security issue in most other cases.

After that, uncomment the local_enable option, changing it to yes and, additionally, allow the user to write to the directory.

local_enable=YES

write_enable=YES

Finish up by uncommenting command to chroot_local_user. When this line is set to Yes, all the local users will be jailed within their chroot and will be denied access to any other part of the server.

chroot_local_user=YES

Save and Exit that file.

Because of a recent vsftpd upgrade, vsftpd is "refusing to run with writable root inside chroot". A handy way to address this issue to is to take the following steps:

Create a new directory within the user's home directory

mkdir /home/username/files

Change the ownership of that file to root

chown root:root /home/username

Make all necessary changes within the "files" subdirectory

Then, as always, restart:

sudo service vsftpd restart

Step Three—Access the FTP server

Once you have installed the FTP server and configured it to your liking, you can now access it.

You can reach an FTP server in the browser by typing the domain name into the address bar and logging in with the appropriate ID. Keep in mind, you will only be able to access the user's home directory.

ftp://example.com

Alternatively, you can reach the FTP server on your virtual server through the command line by typing:

ftp example.com

Then you can use the word, "exit," to get out of the FTP shell.

Adding New Users To vsftpd

I found it rather strange that there arent any good tutorial that can explain how to add new users to vftpd. Google gives few results but most of them are trial and error method. So i decided to write this post after spending 1 hr trying to accomplish this simple task.

#edit /etc/vsftpd.conf or /opt/etc/vsftpd.conf
Open the vsftpd.conf file and search for chroot_list_enable=YES
Make sure it is YES. Do the same for the following variables
chroot_list_file=/etc/vsftpd.chroot_list or /opt/etc/vsftpd.chroot_list
chroot_list_enable=YES
Save and close the file

Create vsftpd.chroot_list in /etc/ or /opt/etc/
Add the username you want to export to ftp.
IMP: The user must already be a system user with a valid passwd. You must be able to find /home/
If the user you want to add is not a system user then create that user first before editing the above file.
#adduser 
#passwd 

Restart the vsftpd server using /etc/init.d/vsftpd restart or service vsftpd restart
Now you can log into ftp using the new user.

How do You Install XvidCap on uBuntu 12.04 Distro

Xvidcap is a small tool to capture things going on on an X-Windows display to either individual frames or an MPEG video. This software is not present in the Ubuntu 12.04 repository by default. You can get a copy of the distributed binary in the form of a .deb package at the following link.

https://launchpad.net/ubuntu/precise/amd64/xvidcap/

Once you download this package, go ahead and install the package with the following command. The amd64 package given as example is for 64 bit machine.

$ sudo dpkg -i xvidcap_1.1.7-0.2ubuntu12_amd64

In case if the above command fails giving out errors, please note that Xvidcap depends on libavdevice-extra-53 package. So go ahead and install this package first with the following command.

$ sudo  apt-get install libavdevice-extra-53

By default, the Ubuntu 12.04 comes with libavcodec53 package. This conflicts with the  libavdevice-extra-53. In such a case, feel free to go ahead and replace the libavcodec53 package with libavdevice-extra-53. This satisfies the dependency requirement for Xvidcap.

Once done with setting dependencies, you can then install the Xvidcap package.