eCryptfs is deprecated

eCryptfs is deprecated and should not be used, instead the LUKS setup as defined by the Ubuntu installer is recommended. That in turn - for a typical remote server setup will need a remote key store as usually no one is there to enter a key on boot.

The TOC and page url are for ecrypts and not ecryptfs.

https://ubuntu.com/server/docs/security-ecrypts

Nice catch! I think I’ve updated all the links and URLs to eCryptfs.

1 Like

Per check with security, this section will be removed

[15:41] hi security, ecryptfs is essentially a carry over in the serverguid for ages
[15:41] eCryptfs is deprecated
[15:41] is that even still a recommended solution?
[15:42] are there known issues and it should be dropped from a security POV?
[15:42] or should we just try if it works and refresh the page if needed?
[16:20] cpaelzer we will look in to it,
[16:20] joe: you mean ecryptfs ?
[16:21] yeah let me know what the outcome is and then I can remove or polish it in our documentation
[16:22] cpaelzer: joe: just remove it, nobody should be using that anymore
[16:22] mdeslaur: yeah that is what was somewhere between my brains memory nodes
[16:22] mdeslaur: any great alternative to link to?
[16:23] cpaelzer: the alternative is full disk encryption, but I’m not sure that’s great on a server
[16:23] you’d need to use a remote key store
[16:23] with LUKS or with HW?
[16:23] with luks, in our installer
[16:24] ok so the default setup by the installer
[16:24] with the added pain of how to enter the PW on the server
[16:24] thanks mdeslaur
[16:24] cpaelzer: yeah, pretty much

I think (hope) it is enough to remove it from the index page, not sure what to do here.
People could find this page just as much, so best to remove it as well I guess - but then we will lose history.

If I convert this to an (almost) empty shell we can keep the discussion and have the content history.
That is what I’ll do for now.

1 Like