Ubuntu SSD with LUKS encryption

ubuntu dual boot illustrated site ubuntu dual boot windows 7 maverick meerkat

Ubuntu Encrypted USB Drive

Edited Friday January 18th 2013

This web-page is part of a larger site giving examples of how to install Windows+Ubuntu Linux operating systems 'dual boot' in a computer. Illustrated Dual Boot HomePage

This is not a dual boot installation.

The installation CD I used for this installation is called ubuntu-12.04-beta2-alternate-i386.iso,
md5sum 6158bf9f895c84eb6719082304d0a521 ubuntu-12.04-beta2-alternate-i386.iso

This webpage illustrates how to: use the Ubuntu 'Alternate Installation' CD to install Ubuntu in a USB External Drive will full drive encryption. Installing the operating system in a USB and having it be able to boot and run in pretty near any hardware is something most other operating systems than Ubuntu cannot do. Full file system encryption is an option that would cost you a lot of money with most other operating systems.
LUKS stands for 'Linux Unified Key Setup' and is extremely secure. Linux Unified Key Setup - Wikipedia
Official LUKS Website - code.google.com

Applies to: The installation technique shown here applies to Ubuntu 12.04 Precise Pangolin in particular and has been similar in all Ubuntu versions.

The length of time this install might take: Time not recorded yet, will vary widely according to limitations in the write speed of the USB interface and according the properties of the media used. SSD, HDD or Flash memory stick.

Important: Please read this website's entire Pre-install Page before beginning an installation in your own computer. The Pre-install Page contains information for helping you make the right preparations before you begin installing Ubuntu.
Backing up your important data before beginning any install is especially important.
Most of the other info in the pre-install Page is optional, but helpful.

Ubuntu Security - bodhi.zazen - Ubuntu Web Forums

[Solved] Gutsy encryption options on Alternate CD? - Ubuntu Web Forums

Encrypted Ubuntu 8.04 - Step-by-step installation tutorial with screenshots! - Softpedia

Running fsck on a LUKS encrypted partition in LVM - i, quaid

Rescue an encrypted LUKS LVM volume - Ubuntu geek

How to Resize a LUKS Encrypted File System - bodhi.zazen - Ubuntu Web Forums

HOWTO: Unlock a LUKS encrypted root partition via ssh - hyper_ch - Ubuntu Web Forums

This is not an official Ubuntu website

These three are | Ubuntu | Ubuntu Forums | Official Ubuntu Wiki

Here is a link to the Official Ubuntu Installation Guide's,
'How the Installer Works', it explains all about the Debian installer.
You should read that first and look at the illustrations in this website after that.

Here is a link to the Official Ubuntu Installation Guide's,
'Components Introduction' too.
I recommend reading the official documentation as well as looking at the pictures below here.

Although an SSD drive is ideal for an external USB drive because of their relative indestructability and superior performance, it is not necessary to use an SSD for this installation.

Hardware used for making this illustrated example installation is an Acer Aspire T-310 Desktop PC and a second hand laptop hard disk drive in a USB. I do not actually recommend using an external hard disk drive for this purpose because they're too fragile, but it's the best I have at the moment.
A USB flash memory stick of sufficient capacity would also be an excellent media to use.

The advantages of using the 'Alternate' install CD are that more choices are available for people who want to do something special with their install.

With the 'Alternate' Install CD you can,

install Ubuntu in a LUKS fully encrypted file system,
set up Ubuntu with LVM or software RAID,
perform an 'expert' install (for coping with machines with difficult hardware),
install ubuntu as a server, (without any 'GUI' (desktop),
the 'Alternate' CD's partitioner will work in a computer with 128 mb of memory and maybe less.
choose between GRUB and LILO boot loaders, or even install with no boot loader at all,
create pre-configured OEM systems,
set up automated deployments,
upgrade an older installation without network access.

To begin, you need to place your Ubuntu Alternate CD in your CD-ROM drive and re-start your computer.

You should see something like the illustration below in your monitor.

It is generally best to have the PC connected to the internet so the installer can use updated files from the internet if there are any.
If you don't have an internet connection or if you prefer not to use it the installation will be a little quicker and the installer will use the files in the CD. You can get updates later if you want to.

p2/001-12.04-alternate.png
Language Selection Screen

ubuntu languages.png by Elabra sanchez

ubuntu languages.png - credit to Elabra Sanchez - creative commons licence.

Ubuntu features language support for more languages than any other operating system.
Ubuntu language support link: Translations/ReleaseLanguages/9.10 - Ubuntu Wiki

Use the arrow keys on your keyboard to select the language you want to use for the installation and press enter.

If your CD didn't boot, enter your computer's CMOS (BIOS) and check to make sure your CD/DVD drive is set before the hard disk drives in the BIOS boot order. See this website's BIOS Page.

p2/002-12.04-alternate.png
From here you can choose one of the following,

Install Ubuntu -
Press your 'Enter' key to begin installing Ubuntu right away

Check the CD-ROM for defects
I recommend checking the CD for defects before using the CD for the first time. It only takes about five or six minutes. The intergrity of your downloaded .iso and subsequent CD burn is important for your security and for the

Test Memory
This option starts memtest86+, here's a link about that, memtest86+
There are 8 tests, and it takes about 1/4 to 1/2 an hour to complete one cycle. It's designed to keep repeating the cycle so you can let it run all night. Press'Esc' to exit memory testing after you try it out.
Note: To ensure you are testing the RAM modules and not your CPU internal and external caches (L1 and L2), you can enter your computer's CMOS (BIOS) first, and temporarily disable caching. Do remember to re-enable those again when you are finished or your computer may perform slowly.

Boot from first hard disk
this re-boots the computer. It's useful if your CD drawer gets stuck and your computer reboots to the CD when the installation is finished.

Rescue a broken system
(Rescue mode) is useful to people who already have Ubuntu installed and want to carry out maintenance and repair tasks.

F_ keys
You should try using your F1 to F6 keys to take a look through the menus listed across the bottom of the screen to see if there's anything useful to you there.

I selected 'Install Ubuntu' from the menu illustrated above and I pressed 'Enter'.

We are now proceeding with Setting up Ubuntu Installer and Hardware Configuration.
You may wish to refer to the above link to the official Ubuntu documentation for a more detailed explanation of what will be happening.

p2/003-12.04-alternate.png

Language Selection
This menu is for choosing the language you want for the operating system you are installing.
We already chose English for the installation process, but we could be installing Ubuntu in a computer that will be used by a friend who speaks some other language.

You need to use your arrow keys to scroll up or down the menu to select the language for the new operating system.

The 'Ubuntu Installer Main Menu' also offers an escape route in case something has gone wrong and you need to abort the installation and re-boot to fix something. Or it may be that you have suddenly realized you have made a mistake and wish to cancel everything and try again.
The <Go Back> option is shown in the lower left corner of almost every panel. Your 'Tab' key is the one to use throughout this installation for moving the red highlighting from 'Yes' to 'No' or 'Go Back'.
If you do find yourself wanting to do this, just be aware that the line for 'abort the installation' and it is right down below the bottom of your monitor's screen, and out of view. People may not realize they need to scroll down to find it. Highlight that and press 'Enter', and be ready to remove your CD from it's drawer or it will boot from the CD again before you know it.
This can be a very handy thing to know about. For one thing, it is useful if you need to go back one or two steps and repeat something you didn't get right.

The Ubuntu Alternate Installation CD is useful for more than just installing Ubuntu. There are also things you can do from the 'Ubuntu Installer Main Menu' later on, after the install. For example, if you need to re-install Grub or Lilo boot loaders to your MBR or to a partition, you might want to access these options from the Ubuntu Installer's Main Menu. You can also use the Ubuntu Install CD's partitioner to do partitioning work if you need to. Nowadays a GParted -- LiveCD is more commonly used for that.

p2/004-12.04-alternate.png

Country
USA is the default.
If you live in any other country you need to use your arrow keys to scroll up or down the menu to select your country.

p2/005-12.04-alternate.png

Detect Keyboard

I always choose '<No>' here, it saves time.
Use your 'tab' key to select 'Yes' instead if you have a special keyboard.

p2/006-12.04-alternate.png

Keyboard Origin
We mostly use the USA type of keyboard, even in Australia.

p2/007-12.04-alternate.png

Keyboard Layout
If you have some special kind of keyboard you may scroll up and down this menu and look for it.

p2/008-12.04-alternate.png
Detecting Hardware
The 'Detecting Hardware to find CD-ROM drives' step works fine when we're using a real CD or DVD as an installation media, but so far I have not been successful using the 'Alternate CD' when it has been copied into a USB drive. This thread in Ubuntu web forums looks as if it might contain the answer, Install 11.04 server from USB; fails, can't mount /cdrom , see post #3 by darkod. I haven't tried it yet.

p2/009-12.04-alternate.png
Scanning CD-ROM

p2/010-12.04-alternate.png
Loading additional components

p2/011-12.04-alternate.png
Detect network hardware

p2/012-12.04-alternate.png
Waiting for link-local address; please wait ...

p2/013-12.04-alternate.png
Attempting IPv6 autoconfiguration; please wait ...

p2/014-12.04-alternate.png
Configure the Network with DHCP

Network autoconfiguration has succeeded
If your computer is connected to the internet and there are updates available, newer versions of some files will be automatically downloaded so you'll have an up to date installation even if your CD is a few months old. If your computer is not connected to the internet the installer will use all the files in the CD and the installation will be a little faster. In the long run though, it will be quicker to install the most up to date files at installation time. Some of the updates could be important ones too.

p2/016-12.04-alternate.png

Configure The Network

You can make up any name you like here for your operating system.
Just press your backspace key to move the cursor a few places to the left to erase the name 'ubuntu', and then type in the name you want your new operating system to be called.

p2/017-12.04-alternate.png
users and passwords
I just type in my first name and surname here. You are allowed to use capital letters.
Whatever you type here will be remembered by your new system and used for automatically configuring some things like parts of your email account. Make sure you don't type anything foolish here because your e-mail recipients might be reading this some day.
When ready, press enter or tab to select '<Continue>', then enter.

p2/018-12.04-alternate.png
Your first name should automatically appear here as a default username. You can change it to a nickname if you want, and with numbers too if you like. (Check your numlock). Lower case letters only though, no capitals.

p2/019-12.04-alternate.png
password for new user
It is of vital importance to create a good, strong password for yourself in Ubuntu.

I suggest using a program to generate a random mix of upper and lower case letters and numbers and other characters and then using a pnuemonic to remember it with.

Make sure you don't forget your password or you won't be able log in to your new system.

You should avoid using the same passwords for more than one account, whether it be for banking or email or any other purpose.
It's a good idea to use a password manager to store all your passwords and keep them safe in encrypted form.

p2/020-12.04-alternate.png
re-enter your password to verify

p2/021-12.04-alternate.png
encrypt the home directory
Advantages of having an encypted /home are that your personal files will be protected from being accessed by unauthorised people without you needing to do anything special every time you want to open your files. The operating system will still be fairly quick.
Disadvantages are it might be more complicated to carry out some regular maintenance and repair tasks or rescue files after an operating system disaster.

For the ultimate in security, consider Installing Ubuntu in a fully encryped LUKS file system, illustrated in a different page of this website, see Ubuntu LUKS Encrypted Flash Memory Installation .
Disadvantages of a fully encrypted installation are that it runs a little slower, (detectable with benchtesting software), and it's a little more complicated to maintain and to rescue files from if things go badly wrong.

Without any encryption at all, maintenance and repair tasks and file backup and recovery will be simple.
I will still be able to use the seahorse program to encrypt certian individual files when I need to. See this website's Set up Seahorse.

I choose not to have an encrypted /home this time.

p2/022-12.04-alternate.png
Setting up the clock

p2/023-12.04-alternate.png
Configure the Clock

You need to use your arrow keys to scroll up and down the list and select a City in your time zone.

p2/024-26-12.04-alternate.png

Detecting Disks and Other Hardware

Loading additional components

Starting up the Partitioner

This is the END of STAGE 1 of the installation.

Start of stage 2, the partitioning stage of the installation

We are now about to begin the Partitioning and Mount Point Selection phase of the installation. You may wish to refer to the above link to the official Ubuntu documentation for a more detailed explanation of what can be done here.

/P19/027-12.04-alternate
For this installation we're choosing the fifth option, use an entire disk and set up encrypted LVM.

/P19/028-12.04-alternate In this illustration I am being shown a list of my hard disks.
The computer I am installing in now has only one hard disk at the moment, plus my USB external HD drive.
I'm selecting my second disk, which is my 40. GB USB HDD. You may use a USB flash memory stick of sufficient capacity instead or even better an SSD drive.

/P19/029-12.04-alternate
We are being reminded about which hard disk we have decided to format. This will be our last chance to change our minds and cancel the installation if we suddenly remember there might be some data on that disk we might want some day that hasn't been backed up.

Loading additional components

45%

Retrieving Partman

Please wait...

21%

Creating ext2 file system for /boot in

Starting up the partitioner

21%

Please wait ...

Guided Partitioning

45%

Starting up the partitioner

21%

Please wait ...

Partitions formatting

21%

Creating ext4 file system for / in partition #1 of LVM VG ocz-karmic, LV root...

End of the partitioning stage of the installation

We are now about to begin the Installing the Base System and Installing Additional Software stages of the installation. You may refer to the above links to the official Ubuntu documentation for more detailed advice about what happens next.

We are now about to begin the Setting up the System stage of the installation.
You may refer to the above link to the official Ubuntu documentation for more detailed advice about the questions you will be asked next.

p2.3/034-12.04-alternate.png
Installing The Base System
This takes a little while ...

p2.3/035-12.04-alternate.png
configuring apt
The apt system of package management is one of the great features Ubuntu inherits from Debian, which is the operating system Ubuntu is based on.

Packages are uploaded to certian internet repositories exclusively by registered programmers using the proper credentials. This is one reason why we're not bothered by malware in Ubuntu.
It is possible to enable other repositories with varying degrees of support and security.
If you still can't find the software you want, it's also possible to add extra repositories at your own risk.

p2.3/036-12.04-alternate.png
http proxy settings

Those who require these settings will know what to enter here.

I always just press enter to skip this question.

p2.3/037-12.04-alternate.png
configue apt

We are now beginning the Installing the Base System and Installing Additional Software stages of the installation. Please refer to the above links to the official Ubuntu documentation for more detailed advice about what happens next.

p2.3/038-12.04-alternate.png
select and install software

This process takes far more time than any other part of the installation.

Even in a fast computer a person would have time to go and do something else for a while.

p2.3/039-12.04-alternate.png
install grub

We are now about to begin the Making Your System Bootable part of the installation.
Please refer to the above link to the official Ubuntu documentation for more detailed advice about the options you can expect to be offered here.

The last time I tried installing to a USB with the 12.04 Precise Pangolin Alternate CD the installer correctly offered to install GRUB to MBR in the same hard disk as the rest of the operating system, (in the MBR of my USB).

Due to time limits, I have not yet managed to create a screen cap of this important step.
I intend to upload the correct image for this some time in the future.

p2.3/040-12.04-alternate.png
install grub to mbr
The best choice for most of us is to choose <Yes> and install GRUB to your MBR.
GRUB is the world's most advanced boot loader and even has its own command line interface, is fully customizable and functions as a boot manager as well.
Ubuntu will write the boot.img code for the GRand Unified Bootloader, known by the acronym GRUB, in the area of the MBR reserved for boot loader code. This will overwrite any boot loader code in the MBR that was previously put there, without affecting the disk 'signature', (UID) or the partition table.
This process will also embed sectors in the normally vacant first track of the hard disk with GRUB2's core.img file. The core.img file is for helping the MBR code to locate the Ubuntu partition, read the file system there and find the main body of GRUB, which is inside Ubuntu.
I have added some information in the 'MBR Page' of this web site for a more detailed explanation of what actually happens here.

When you should NOT choose <Yes> to install GRUB

If you have Bitlocker disk encryption in Windows or disk encrytion from a third party vendor such as Symantec or McAffee, you should not let any other boot loader touch the MBR of that particular hard disk, choose a different disk to install GRUB to and chainload the MBR of the Windows disk instead.

If you have some other special kind of setup like a hardware or software RAID array, you will need to do your own research about how GRUB will affect your particular setup.

If you choose <No> (not to install to MBR), you will be given an opportunity to specify somewhere else you might like GRUB installed. To view illustrations about what you can do if you don't want to install GRUB to MBR, visit the following link, <No>.

If you choose <Go Back> you will be placed in the 'Ubuntu Installer Main Menu', where you can scroll down just one line and install Lilo bootloader instead. See this website's LiLo Page.
There are choices available as to where you would like to install Lilo as well. The first sector of your Ubuntu partition is a popular choice for Lilo. To see illustrations about what you can expect if you take that route, visit the following link, <Go Back>.

If you are really worried, try making a GAG Boot Manager floppy or CD. Of course, you are not expected to make one in the middle of an install, but you can make one beforehand or afterwards if you need one.
GAG will boot Windows, but not Ubuntu. GAG will boot Ubuntu if either Lilo or GRUB is installed to the first sector of the Ubuntu partition or a /boot partition. Read this website's GAG page first. You'll find illustrated instructions on that page about what to choose in this step of the installation to set Ubuntu up for booting with GAG Boot Manager.

It is possible to continue the installation without installing any boot loader at all.
If you choose that, you will be able to boot your new Ubuntu from GRUB in another Gnu/Linux operating system or from GRUB in a CD, floppy disk or USB device. A basic knowledge of boot loaders and GRUB may be required to achieve this though.

I always choose <Yes> and install GRUB's boot.img to MBR and core.img to the first track of the hard disk.

p2.3/041-12.04-alternate.png

p2.3/042-12.04-alternate.png
finishing the installation

Here is the link to what the official Ubuntu documentation has to say about Finishing the Installation and Miscellaneous.

Please refer to the above links for the correct details about what happens.

p2.3/043-12.04-alternate.png
installation complete

At this point, my CD drawer pops open automatically and I remove my CD from it and press 'Enter'.
Some computers might not have a CD drawer with a mechanism to open the CD-ROM drawer automatically. If this is the case, you should remove your CD manually.

When I have installed GRUB to MBR, as most of us do, all I need to do is press 'enter', for the computer to re-boot and continue with the rest of the install.
For those who chose not to install Grub to the Master Boot Record of their first hard disk, now is the time to make sure that whatever you are re-booting with, (Super Grub Disk or GAG Boot Manager or the like), is ready and placed in its drive to re-boot the computer after you press 'enter'.

p2.3/044-12.04-alternate.png
finishing the installation

Booting your USB drive
The next major step is to reboot into your new Ubuntu operating system in your USB SSD or flash memory stick.

Since we chose not to install GRUB to MBR in our first hard disk, our computer isn't going to boot our USB flash memory installation by itself. We'll need to do something special to get our USB flash memory stick or SSD to boot for us.

If your computer has the GRUB in the computer you used for installing, you'll have no problem booting your USB flash memory stick from your GRUB's Command Line Interface.

What if you don't have GRUB?
If your computer doesn't have GRUB
One way you'll be able to boot would be from your BIOS. Here's a link to help people who don't know how to boot from the BIOS boot menu, How I boot from my BIOS

Another way would be to use a Super Grub Disk CD or floppy, Super Grub Disk Page.

NOTE: Not all computers are capable of booting from a USB drive.

p2.3/045-12.04-alternate.png
For some people, this will be the first time they will have ever seen the GRUB boot loader's Main Menu!

To use the GRUB boot loader, you just click 'Enter' and it will boot into Ubuntu.

If you don't click 'Enter', it will still boot Ubuntu anyway after ten seconds.

The GRUB boot loader will appear from now on every time you start or re-boot your computer.
It is possible to change the timer in it, and also to change the default boot preference, and a few other things.
For more detailed information about how to use GRUB Boot Loader in Ubuntu, visit this website's GRUB2 Pages and Legacy GRUB Page.

Don't do this now (we are still completing the new install), but in the future, if you wanted to boot Windows, or any other operating system on the list, you just use your arrow keys to highlight it with the white rectangle, and hit 'Enter'.

If you want it to wait until you make up your mind, press your 'pause' key.

Unlocking the disk /dev/disk/by-uuid/42635c42-0355-43d4-b4a2-161f1b5594cea (sdc1 crypt)
Enter Passphrase:_

Here's where we need to type our LUKS passphrase.

p2.3/046-12.04-alternate.png
ubuntu starting up

I get this neat vertical black and white striped pattern in my PC Chips Book PCs monitor.
... I don't know if it's normal.
Probably there's a nice usplash here that my old book PCs graphics can't support.

This image is from a camera photo, it was the only way, sorry about that.

p2.3/048-12.04-alternate.png
logging in

The new Precise Pangolin Login Screen is really nice!
I'm sorry I haven't been able to get a decent screen cap of it yet. All I have is this ugly digital photo which does not do the new login screen justice at all.

The mouse pointer is active in the login screen.

The top left-hand corner of the new log-in screen displays the system name.

In the top right-hand corner there are five icons.
The first icon offers 'Onscreen Keyboard,High Contrast or Screen Reader'.
The second icon gives me 'English (US), I imagine it might offer a selection of languages in a multi-lingual operating system.
Thr third icon is a volume control is case you don't want to wake the baby up with the Ubuntu Desktop opening drum-roll.
Then there's the clock with the drop-down calendar in month view - very nice, I like that!
Finally, the fifth button is the shut-down button.

Over on the left of the screen at mid-height we have the choice of loggin in to our own user account or a guest session. I imagine there would be a list there of all the user accounts in the same PC if I had any created.

TIP:
If you hover your mouse over the Ubuntu Symbol after your username, you may notice it becomes active and it's really an icon. Click on the Ubuntu icon and you'll get a menu where you can choose between Unity 3D and Unity 2D. Unity 3D is meant to be fancier, with more eye candy and special effects. Unity 2D is supposed to be faster.

p2.3/049-12.04-alternate.png
new desktop
This took one hour and thirty five minutes in my PC Chips 'Book PC'.

The next thing most Linux users want to do immediately after our new installation boots for the first time is to
get updates and start configuring, customising and adding software.

This website has its own Post-install Page which you're welcome to make use of, especially if you're a new user and not familiar with Ubuntu yet.

1. Update and upgrade
It's time to open up our repositories and get an update, install the software we want, and start configuring, personalizing and customizing our Ubuntu installation.
Here's a link to a page with some information to get you started, Post-install Page

2. Install Logical Volume Manangement GUI
'Applications'-->'Add/Remove Programs'-->'System Tools'-->'Logical Volume Management'.

LVM

Logical Volume Management allows you to do most of the operations from GUI that you can do with the command line LVM tools.
You can expand your operating system over more than one disk if you want and take snapshots of your operating system and restore from these snapshots later.

External Links:
Get to know Ubuntu's Logical Volume Manager - Linux.com

An introduction to Logical Volume Management - DistroWatch

Linux’s Logical Volume Management - David Hogue

RAID-5 Encrypted with Logical Volume Management - TJ

3. Optional - For Multibooters: Customize GRUB to show each Gnu/Linux installation's Hostname

edit /etc/grub.d/10_linux

gksudo gedit /etc/grub.d/10_linux

edit /etc/grub.d/10_linux as follows, (approximately lines 79 to 91),

linux_entry ()
{
os="$1"
version="$2"
recovery="$3"
args="$4"
if ${recovery} ; then
title="$(gettext_quoted "%s, USB-Pangolin with Linux %s (recovery mode)")"
else
title="$(gettext_quoted "%s, USB=Pangolin with Linux %s")"
fi
printf "menuentry '${title}' ${CLASS} {\n" "${os}" "${version}"
cat << EOF

And in all other operating systems in other disks and partitions, append the following line to /etc/lsb-release: HOSTNAME=<Hostname>

NOTE: This is how to edit the file in your other Ubuntu installations(s),

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=11.04
DISTRIB_CODENAME=natty
DISTRIB_DESCRIPTION="Ubuntu 11.04"
HOSTNAME=T-310-Narwhal

Where: 'T-310-Narwhal' is the host name for the installation which owns this /etc/lsb-release file.

This is the command for updating /boot/grub/grub.cfg with the changes.

sudo update-grub

Whenever update-grub is run, (or when Grub-Customizer is started), this causes the Grub Menu Lines for all other Gnu/Linux installations to display the OS host names for those operating systems.

If you have another Ubuntu or other Gnu/Linux distro, and you would like to be able to identify which is which in your GRUB Menus, this hack seems to work well for me.

Open /etc/grub.d10_linux with gedit text editor

Add your operating system's host name to the line that looks like this.

This will cause your operating systems host name to appear in its own GRUB Menu.

Open your other operating systems /etc/lsb-release file, and append a line like this one.

After this your systems host names should appear in your GRUB Menus.
Your encrypted operating system cannot be read, of course, but other Gnu/Linuc installations will be listed in your encrypted installations GRUB Menu.

4. Run 'sudo apt-get clean'
Optional - This is only useful if you have installed in a small disk and you need to regain some disc space.
Linux file systems work best if the file system is kept less than about 80% full.
The command for checking file system usage is 'df -h',

df -h

Software packages come in .deb files which are downloaded from the internet and stored in /var/cache/apt/archives/, and after the software has been installed, the left-over .deb files remain in /var/cache/apt/archives/ in case they're ever needed again. Normally, I like to leave them there so I can make a backup of them if I ever need to re-install for some reason. (Sometimes I do some risky experiments). That way I don't need to re-download them all from the internet again.
In a USB flash memory stick where I don't have the spare disk space, it's often best to get rid of all those .deb packages sitting around in there, not doing anything.

The quickest and easiest way to do that is to run 'sudo apt-get clean',

sudo apt-get clean

Now to check again and see if that made any difference,

df -h

In my 4 GB USB flash memory installation, my disk usage was reduced from 77% used to 68% used, so I cleared a significant proportion of my disk space.
In a larger disk, this command might be a waste of time, and actually, those with slow internet speeds or a low monthly bandwidth allowance might want to do the opposite and make a backup of their /var/cache/apt/archives instead.

5. SSH Networking
Control your home computer and access all your stored data in it from anywhere you may travel with your USB flash memory stick.

Install your SSH Networking software in your home or office computer running Ubuntu and set up 'port forwarding' to your internet modem. SSH stands for 'Secure SHell'. The port you use will be password protected and your password and data will be transferred securely over the internet in encrypted form. There are some extra security precautions you can add as well if you think they're necessary. See this website's SSH Network page.

How To Mount Your Encypted file System

Sometimes you may want to mount your encypted file system from some other Ubuntu operating system so you can access information or transfer file for making backups, or for whatever reason.

In a support installation such as Live CD or in a different Ubuntu installation,

sudo apt-get install lvm2 cryptsetup

sudo modprobe dm-crypt

'Places' --> '__ GB file system', and click on the icon to mount the file system.

If you are using a Live CD you need to install this software every time you boot when you want to work on LUKS encrypted partitions.
If you have a USB installation with persistence or a full Ubuntu installation you only need to install the softwware packages once for the life of the operating system.

How To Run a File System Check on a LUKS Encrypted Partition.

It is normal to run a file system check from a Live CD or USB operating system or some other Gnu/Linux installation in a hard drive. Never run a file system check on a file system if it has already been mounted. Unmount it first if necessary.

sudo blkid | grep crypto_LUKS

The feedback from command should tell you which partitions in your computer are LUKS Encrypted.

Let's pretend we found out there's a LUKS Encrypted partition at /dev/sdb7 from the output of the above command,

sudo cryptsetup luksOpen /dev/sdb7 luks-disk

This command is for unlocking the encrypted volume and you can be expected to be asked for your passphrase.
In this example it will appear in /dev/mapper as '/luks-disk', but you can make up any name you want in place of 'luks-disk'.
Remember to replace '/dev/sdb7' with the appropriate disk and partition number for your own individual set-up.

sudo blkid | grep luks-disk

This command is for checking to see what file system the encrypted partition has. Ext4 is currently the most popular, but it could have been formatted with any file system.

Now you can go to this website's File Systems and Mounting Page and find whatever file system commands you may want to use.

sudo e2fsck -C0 -f -v -p /dev/mapper/luks-disk

In this example, the file system in the encrypted partition is an ext4 file system, so I used e2fsck for the file system check.
Other file system commands are possible, including setting a file system label or whatver you want.

How to Chroot
You may never need to do this, but ocassionally it's necessary to fix the operating system when things go wrong and this is one way to do that. It may save you the need to re-install.

To chroot into the encrypted file system, first mount the file system as described above, and then follow the steps shown below.

ls /media

Please replace the word 'mountpoint' as it appears in the commands below here with the name of your own mountpoint, usually you can find that out by running ls /media.

sudo mount -o bind /proc /media/mountpoint/proc

sudo mount -o bind /dev /media/mountpoint/dev

sudo mount -o bind /dev/pts /media/mountpoint/dev/pts

sudo mount -o bind /sys /media/mountpoint/sys

sudo cp /etc/resolv.conf /media/mountpoint/etc/resolv.conf

sudo chroot /media/mountpoint /bin/bash

do whatever it is you needed to fix the problem,

When you're done,

root@ubuntu:/# exit

This exits the chroot to hard disk and returns you to a normal shell in the LiveCD.

sudo umount /media/mountpoint/proc

sudo umount /media/mountpoint/sys

sudo umount /media/mountpoint/dev/pts

sudo umount /media/mountpoint/dev

sudo umount /media/mountpoint

These three commands unmount the file systems we had mounted.

exit

Close the terminal

NOTE: You can make a script for chrooting and another for exiting from the chroot if you want to automate this process and make it easier for you, although you probably won't need to do this very often.

How To Make Your Own LUKS Encypted Partition

(For storing backups copies of your encrypted data)

You will probably want to keep backup copies of your data. Almost everyone does that and it's highly recommended. There is a chance of your backup media being lost, stolen and accessed by unauthorised people. Unless you keep it locked in a safe. Most of the time data backups contain sensitive personal information and maybe passwords and other private stuff.

This how-to will show you how to make your very own LUKS encrypted file system in a partition in a hard disk or in a USB drive.

sudo apt-get install lvm2 hashalot cryptsetup

This command is for installing the required software and only needs to be run once in the life of the operating system.
This command may not be needed in recent versions of Ubuntu.

sudo modprobe dm-crypt

This command is for loading the required kernel module and only needs to be run once in the life of the operating system.
This command may not be needed in recent versions of Ubuntu.

Now plug in your hard disk or USB drive if it isn't already plugged in.
We need to find out the Linux /dev/sdxy style disk and partition number for the disk we want to format.

sudo fdisk -lu

The fdisk command is for taking a look at your disks and partitions. You can use the blkid command too if you like and or you can use GParted to take a look around. I actually recommend using GParted if you have it installed.
The important thing is to make sure you know the disk and partition number for the partition you want to format with a LUKS encrypted file system.

The commands soon to be performed below will erase all data on the chosen partition, so make sure you get this right and then double check it again to make sure.

The file system needs to be unmounted before teh disk can be reformatted,

sudo umount /dev/sdb7

NOTE: Replace /dev/sdb7 with whatever disk and partition number you found in the previous fdisk command above.
Alternatively, you can umount the partition in GParted if you were using it.

sudo cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb7

NOTE: Replace '/dev/sdb7' with appropriate device number as used above.
This command will erase all data from the given partition so you will be asked to confirm by typing YES.
You will be asked for a passphrase and you will need to type the same passphrase again to confirm.

sudo cryptsetup luksOpen /dev/sdb7 luks-disk

This command will make your new luks encrypted partition available in /dev/mapper as 'luks-disk'.
You can all it whatever you want instead of 'luks-disk', it's not important what you call it.
You will be asked to type your new passphrase.
This command may be useful again in the furure prior to running file system checks or other maintainance tasks.

ls -al /dev/mapper

This command is not important for this operation and just for looking in /dev/mapper to show you where it's located.
In the future you might need to look for it here for the purposes of running maintainance and repair tasks such as file system checks or if it contains an operating system, for chrooting to update and repair the operating system.

sudo mkfs.ext4 /dev/mapper/luks-disk

This time we're going to run a command to format the partition with a new ext4 file system in the encrypted partition.

sudo e2label /dev/mapper/luks-disk LUKS-USB-1000GB

This command sets a humanly readable file system label. It will be automatically mounted with this label rather than a long UUID hash, and will be easy for the human user to identify.

This part is a little messy. If you try to access your new encrypted partition from GUI by opening your file browser and going 'Go;, 'Computer' and looking for the icon to click on it you'll find won't open. It can't be unmounted either.
Make sure GParted is not still open.
If it's a USB drive you might try unplugging it and then plugging it back in again. Ubuntu should ask for your new password and it should be automatically mounted and opened for you.
Or if it's a fixed drive or a partition in a fixed internal drive, reboot. You should be able to access your new encrypted partition from GUI by opening your file browser and going 'Go;, 'Computer' and looking for the icon to click on.

Probably you will find you do not have permissions to read and write to the new drive and you will need to chmod the mount point before using the drive for the first time.

sudo chmod 777 /media/LUKS-USB-1000GB

Now you can go ahead and copy all of your personal files into your new LUKS encrypted drive and sleep well knowing your secrets are safe.
It is recommended to always keep two copies of backups in case anything happens to one copy, so you may need at least two of these drives.