After new Ubuntu 15.04 installation, startup asks for password even though no disk encryption was set up

boot password encryption systemd

30,636

Solution 1

It's a known issue, should be fixed soon:

https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/1447282

In short: Under certain circumstances, systemd does not recognize encrpyted swap correctly and prompts for a password which has never been set. Swap is always encrypted in case encryption for home was activated as userdata might be swapped out and then become unencrypted.

Solution 2

This is not the correct solution and as Christian says in the comments bellow it will make it less secure. But if the encryption is not a priority for you you could use this workaround.

First find the partition that has the swap

sudo fdisk -l
[sudo] password for kempe: 

Disk /dev/sda: 233,8 GiB, 251000193024 bytes, 490234752 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: gpt
Disk identifier: B59D4149-AC8E-4B71-B51F-8926B2E82C14

Device         Start       End   Sectors   Size Type
/dev/sda1       2048    409599    407552   199M EFI System
/dev/sda2     409640 253319775 252910136 120,6G Apple HFS/HFS+
/dev/sda3  253321216 269320191  15998976   7,6G Linux swap
/dev/sda4  269320192 490233855 220913664 105,3G Linux filesystem

In my case swap is on /dev/sda3

then turn off swap

sudo swapoff -a

disable cryptswap

sudo cryptsetup remove /dev/mapper/cryptswap1

Remove the corresponding line in /etc/crypttab. I only had one line in there but you might have more so be sure that you remove the correct on

sudo vim /etc/crypttab

Setup new swap area (remember fstab output)

sudo /sbin/mkswap /dev/sda3
sudo swapon /dev/sda3

and finally fix fstab line

sudo vim /etc/fstab

replace /dev/mapper/cryptswap1 with /dev/sda3

Enable and disable encrypted swap - Ubuntu

Solution 3

I was able to solve this issue with the following steps:

From a command prompt, run gnome-disks

Find which device is your swap drive. Mine was /dev/sda3

ls -l /dev/disk/by-uuid/

Find the ID that is symlinked to your swap partition

sudo vim /etc/crypttab

On the line beginning with cryptswap1, change the UUID=… portion to /dev/disk/by-id/ID-HERE. Save and reboot.

If you are still prompted for a password, run:

sudo dd if=/dev/zero of=/dev/sdaX bs=512 count=20480

Reboot again.

Solution 4

Run sudo fdisk -l to find swap partition (i.e. /dev/sda6)

Grab UUID in /etc/crypttab or sudo blkid for /dev/sda6 (replace device with your swap)

Run sudo swapoff /dev/sda6

Run sudo mkswap -U UUID /dev/sda6 (replace UUID and device with your swap)

Append ,offset=1024 to the end of cryptswap line in /etc/crypttab

Add "/dev/mapper/cryptswap1 none swap sw 0 0" to /etc/fstab

Run sudo update-initramfs -u

Run sudo swapon -a

Check swap is active with sudo systemctl status /dev/mapper/cryptswap

Solution 5

This problem still exists even on Ubuntu 15.10. I've made temporarily solution - turned off encryption for the swap partition (home is still encrypted). This guide worked for me in this case. This passphrase request is no longer warring me on booting system and updating software.

Maybe, later I will turn on the encryption of the swap partition back (using the same guide), when I will know, that this bug is fixed.

View more solutions

30,636

timetofly

Updated on September 18, 2022

Comments

timetofly over 1 year

I installed a brand new SSD into my laptop and did a fresh install of Ubuntu 15.04, with NO system encryption used (only Home directory encryption). However, it still asks me for a password when booting (I just press Enter to skip):

Additionally, after doing the fresh install, upgrading packages also asks me for a password multiple times, which Enter also bypasses. The program is "systemd-tty-ask-password-agent", so the issue seems to be with systemd.

The relevant message in the terminal:

Please enter passphrase for disk Crucial_CT250MX200SSD4 (cryptswap1) on none! 
update-initramfs: deferring update (trigger activated)

Broadcast message from root@username-XPS-13-9343 (Thu 2015-04-30 22:06:22 EDT):

Password entry required for 'Please enter passphrase for disk Crucial_CT250MX200SSD4 (cryptswap1) on none!' (PID 4027).
Please enter password with the systemd-tty-ask-password-agent tool!

The full output from running the upgrade:

+username@username-XPS-13-9343:~$ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
  ca-certificates firefox gir1.2-gudev-1.0 libcurl3 libcurl3-gnutls
  libgudev-1.0-0 libnm-glib-vpn1 libnm-glib4 libnm-util2 liboxideqt-qmlplugin
  liboxideqtcore0 liboxideqtquick0 libpam-systemd libsystemd0 libudev1
  network-manager oxideqt-codecs systemd systemd-sysv tzdata udev
  usb-creator-common usb-creator-gtk wpasupplicant
24 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 47.9 MB/73.2 MB of archives.
After this operation, 2,989 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://us.archive.ubuntu.com/ubuntu/ vivid-updates/main libudev1 amd64 219-7ubuntu4 [40.8 kB]
Get:2 http://us.archive.ubuntu.com/ubuntu/ vivid-updates/main udev amd64 219-7ubuntu4 [929 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu/ vivid-updates/main systemd-sysv amd64 219-7ubuntu4 [14.0 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu/ vivid-updates/main libpam-systemd amd64 219-7ubuntu4 [108 kB]
Get:5 http://us.archive.ubuntu.com/ubuntu/ vivid-updates/main libsystemd0 amd64 219-7ubuntu4 [73.8 kB]
Get:6 http://us.archive.ubuntu.com/ubuntu/ vivid-updates/main systemd amd64 219-7ubuntu4 [3,531 kB]
Get:7 http://us.archive.ubuntu.com/ubuntu/ vivid-updates/main libcurl3-gnutls amd64 7.38.0-3ubuntu2.2 [172 kB]
Get:8 http://us.archive.ubuntu.com/ubuntu/ vivid-updates/main libcurl3 amd64 7.38.0-3ubuntu2.2 [180 kB]
Get:9 http://us.archive.ubuntu.com/ubuntu/ vivid-updates/main libgudev-1.0-0 amd64 1:219-7ubuntu4 [14.4 kB]
Get:10 http://us.archive.ubuntu.com/ubuntu/ vivid-updates/main libnm-util2 amd64 0.9.10.0-4ubuntu15.1 [134 kB]
Get:11 http://us.archive.ubuntu.com/ubuntu/ vivid-updates/main libnm-glib-vpn1 amd64 0.9.10.0-4ubuntu15.1 [14.4 kB]
Get:12 http://us.archive.ubuntu.com/ubuntu/ vivid-updates/main libnm-glib4 amd64 0.9.10.0-4ubuntu15.1 [84.7 kB]
Get:13 http://us.archive.ubuntu.com/ubuntu/ vivid-updates/main tzdata all 2015d-0ubuntu0.15.04 [178 kB]
Get:14 http://us.archive.ubuntu.com/ubuntu/ vivid-updates/main ca-certificates all 20141019ubuntu0.15.04.1 [191 kB]
Get:15 http://us.archive.ubuntu.com/ubuntu/ vivid-updates/main firefox amd64 37.0.2+build1-0ubuntu0.15.04.1 [40.1 MB]
Get:16 http://us.archive.ubuntu.com/ubuntu/ vivid-updates/main gir1.2-gudev-1.0 amd64 1:219-7ubuntu4 [5,564 B]
Get:17 http://us.archive.ubuntu.com/ubuntu/ vivid-updates/main wpasupplicant amd64 2.1-0ubuntu7.1 [768 kB]
Get:18 http://us.archive.ubuntu.com/ubuntu/ vivid-updates/main network-manager amd64 0.9.10.0-4ubuntu15.1 [754 kB]
Get:19 http://us.archive.ubuntu.com/ubuntu/ vivid-updates/main usb-creator-gtk amd64 0.2.67ubuntu0.1 [23.4 kB]
Get:20 http://us.archive.ubuntu.com/ubuntu/ vivid-updates/main usb-creator-common amd64 0.2.67ubuntu0.1 [23.7 kB]
Get:21 http://us.archive.ubuntu.com/ubuntu/ vivid-updates/main oxideqt-codecs amd64 1.6.5-0ubuntu0.15.04.1 [533 kB]
Fetched 47.9 MB in 1min 18s (613 kB/s)                                         
Preconfiguring packages ...
(Reading database ... 171469 files and directories currently installed.)
Preparing to unpack .../libudev1_219-7ubuntu4_amd64.deb ...
Unpacking libudev1:amd64 (219-7ubuntu4) over (219-7ubuntu3) ...
Setting up libudev1:amd64 (219-7ubuntu4) ...
Processing triggers for libc-bin (2.21-0ubuntu4) ...
(Reading database ... 171469 files and directories currently installed.)
Preparing to unpack .../udev_219-7ubuntu4_amd64.deb ...
Unpacking udev (219-7ubuntu4) over (219-7ubuntu3) ...
Processing triggers for man-db (2.7.0.2-5) ...
Processing triggers for ureadahead (0.100.0-19) ...
ureadahead will be reprofiled on next reboot
Processing triggers for systemd (219-7ubuntu3) ...
Setting up udev (219-7ubuntu4) ...
Please enter passphrase for disk Crucial_CT250MX200SSD4 (cryptswap1) on none! 
update-initramfs: deferring update (trigger activated)

Broadcast message from root@username-XPS-13-9343 (Thu 2015-04-30 22:06:22 EDT):

Password entry required for 'Please enter passphrase for disk Crucial_CT250MX200SSD4 (cryptswap1) on none!' (PID 4027).
Please enter password with the systemd-tty-ask-password-agent tool!

Processing triggers for initramfs-tools (0.103ubuntu15) ...
update-initramfs: Generating /boot/initrd.img-3.19.0-15-generic
(Reading database ... 171469 files and directories currently installed.)
Preparing to unpack .../systemd-sysv_219-7ubuntu4_amd64.deb ...
Unpacking systemd-sysv (219-7ubuntu4) over (219-7ubuntu3) ...
Processing triggers for man-db (2.7.0.2-5) ...
Setting up systemd-sysv (219-7ubuntu4) ...
(Reading database ... 171469 files and directories currently installed.)
Preparing to unpack .../libpam-systemd_219-7ubuntu4_amd64.deb ...
Unpacking libpam-systemd:amd64 (219-7ubuntu4) over (219-7ubuntu3) ...
Preparing to unpack .../libsystemd0_219-7ubuntu4_amd64.deb ...
Unpacking libsystemd0:amd64 (219-7ubuntu4) over (219-7ubuntu3) ...
Processing triggers for man-db (2.7.0.2-5) ...
Setting up libsystemd0:amd64 (219-7ubuntu4) ...
Processing triggers for libc-bin (2.21-0ubuntu4) ...
(Reading database ... 171469 files and directories currently installed.)
Preparing to unpack .../systemd_219-7ubuntu4_amd64.deb ...
Unpacking systemd (219-7ubuntu4) over (219-7ubuntu3) ...
Processing triggers for dbus (1.8.12-1ubuntu5) ...
Processing triggers for man-db (2.7.0.2-5) ...
Processing triggers for ureadahead (0.100.0-19) ...
Setting up systemd (219-7ubuntu4) ...
Please enter passphrase for disk Crucial_CT250MX200SSD4 (cryptswap1) on none! 
(Reading database ... 171469 files and directories currently installed.)
Preparing to unpack .../libcurl3-gnutls_7.38.0-3ubuntu2.2_amd64.deb ...
Unpacking libcurl3-gnutls:amd64 (7.38.0-3ubuntu2.2) over (7.38.0-3ubuntu2) ...
Preparing to unpack .../libcurl3_7.38.0-3ubuntu2.2_amd64.deb ...
Unpacking libcurl3:amd64 (7.38.0-3ubuntu2.2) over (7.38.0-3ubuntu2) ...
Preparing to unpack .../libgudev-1.0-0_1%3a219-7ubuntu4_amd64.deb ...
Unpacking libgudev-1.0-0:amd64 (1:219-7ubuntu4) over (1:219-7ubuntu3) ...
Preparing to unpack .../libnm-util2_0.9.10.0-4ubuntu15.1_amd64.deb ...
Unpacking libnm-util2:amd64 (0.9.10.0-4ubuntu15.1) over (0.9.10.0-4ubuntu15) ...
Preparing to unpack .../libnm-glib-vpn1_0.9.10.0-4ubuntu15.1_amd64.deb ...
Unpacking libnm-glib-vpn1:amd64 (0.9.10.0-4ubuntu15.1) over (0.9.10.0-4ubuntu15) ...
Preparing to unpack .../libnm-glib4_0.9.10.0-4ubuntu15.1_amd64.deb ...
Unpacking libnm-glib4:amd64 (0.9.10.0-4ubuntu15.1) over (0.9.10.0-4ubuntu15) ...
Preparing to unpack .../tzdata_2015d-0ubuntu0.15.04_all.deb ...
Unpacking tzdata (2015d-0ubuntu0.15.04) over (2015c-1) ...
Setting up tzdata (2015d-0ubuntu0.15.04) ...

Current default time zone: 'America/New_York'
Local time is now:      Thu Apr 30 22:20:06 EDT 2015.
Universal Time is now:  Fri May  1 02:20:06 UTC 2015.
Run 'dpkg-reconfigure tzdata' if you wish to change it.

(Reading database ... 171469 files and directories currently installed.)
Preparing to unpack .../ca-certificates_20141019ubuntu0.15.04.1_all.deb ...
Unpacking ca-certificates (20141019ubuntu0.15.04.1) over (20141019) ...
Preparing to unpack .../firefox_37.0.2+build1-0ubuntu0.15.04.1_amd64.deb ...
Unpacking firefox (37.0.2+build1-0ubuntu0.15.04.1) over (37.0+build2-0ubuntu1) ...
Preparing to unpack .../gir1.2-gudev-1.0_1%3a219-7ubuntu4_amd64.deb ...
Unpacking gir1.2-gudev-1.0 (1:219-7ubuntu4) over (1:219-7ubuntu3) ...
Preparing to unpack .../wpasupplicant_2.1-0ubuntu7.1_amd64.deb ...
Unpacking wpasupplicant (2.1-0ubuntu7.1) over (2.1-0ubuntu7) ...
Preparing to unpack .../network-manager_0.9.10.0-4ubuntu15.1_amd64.deb ...
Unpacking network-manager (0.9.10.0-4ubuntu15.1) over (0.9.10.0-4ubuntu15) ...

Broadcast message from root@username-XPS-13-9343 (Thu 2015-04-30 22:20:19 EDT):

Password entry required for 'Please enter passphrase for disk Crucial_CT250MX200SSD4 (cryptswap1) on none!' (PID 15391).
Please enter password with the systemd-tty-ask-password-agent tool!

Preparing to unpack .../usb-creator-gtk_0.2.67ubuntu0.1_amd64.deb ...
Unpacking usb-creator-gtk (0.2.67ubuntu0.1) over (0.2.67) ...
Preparing to unpack .../usb-creator-common_0.2.67ubuntu0.1_amd64.deb ...
Unpacking usb-creator-common (0.2.67ubuntu0.1) over (0.2.67) ...
Preparing to unpack .../liboxideqt-qmlplugin_1.6.5-0ubuntu0.15.04.1_amd64.deb ...
Unpacking liboxideqt-qmlplugin:amd64 (1.6.5-0ubuntu0.15.04.1) over (1.5.5-0ubuntu1) ...
Preparing to unpack .../liboxideqtquick0_1.6.5-0ubuntu0.15.04.1_amd64.deb ...
Unpacking liboxideqtquick0:amd64 (1.6.5-0ubuntu0.15.04.1) over (1.5.5-0ubuntu1) ...
Preparing to unpack .../liboxideqtcore0_1.6.5-0ubuntu0.15.04.1_amd64.deb ...
Unpacking liboxideqtcore0:amd64 (1.6.5-0ubuntu0.15.04.1) over (1.5.5-0ubuntu1) ...
Preparing to unpack .../oxideqt-codecs_1.6.5-0ubuntu0.15.04.1_amd64.deb ...
Unpacking oxideqt-codecs:amd64 (1.6.5-0ubuntu0.15.04.1) over (1.5.5-0ubuntu1) ...
Processing triggers for man-db (2.7.0.2-5) ...
Processing triggers for gnome-menus (3.10.1-0ubuntu5) ...
Processing triggers for desktop-file-utils (0.22-1ubuntu3) ...
Processing triggers for bamfdaemon (0.5.1+15.04.20150202-0ubuntu1) ...
Rebuilding /usr/share/applications/bamf-2.index...
Processing triggers for mime-support (3.58ubuntu1) ...
Processing triggers for dbus (1.8.12-1ubuntu5) ...
Processing triggers for systemd (219-7ubuntu4) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for hicolor-icon-theme (0.14-0ubuntu1) ...
Setting up libpam-systemd:amd64 (219-7ubuntu4) ...
Setting up libcurl3-gnutls:amd64 (7.38.0-3ubuntu2.2) ...
Setting up libcurl3:amd64 (7.38.0-3ubuntu2.2) ...
Setting up libgudev-1.0-0:amd64 (1:219-7ubuntu4) ...
Setting up libnm-util2:amd64 (0.9.10.0-4ubuntu15.1) ...
Setting up libnm-glib-vpn1:amd64 (0.9.10.0-4ubuntu15.1) ...
Setting up libnm-glib4:amd64 (0.9.10.0-4ubuntu15.1) ...
Setting up ca-certificates (20141019ubuntu0.15.04.1) ...
Setting up firefox (37.0.2+build1-0ubuntu0.15.04.1) ...
Please restart all running instances of firefox, or you will experience problems.
Setting up gir1.2-gudev-1.0 (1:219-7ubuntu4) ...
Setting up wpasupplicant (2.1-0ubuntu7.1) ...
Setting up network-manager (0.9.10.0-4ubuntu15.1) ...
Please enter passphrase for disk Crucial_CT250MX200SSD4 (cryptswap1) on none! 

Broadcast message from root@username-XPS-13-9343 (Thu 2015-04-30 22:20:47 EDT):

Password entry required for 'Please enter passphrase for disk Crucial_CT250MX200SSD4 (cryptswap1) on none!' (PID 19822).
Please enter password with the systemd-tty-ask-password-agent tool!

Please enter passphrase for disk Crucial_CT250MX200SSD4 (cryptswap1) on none! 
Setting up usb-creator-common (0.2.67ubuntu0.1) ...
Setting up usb-creator-gtk (0.2.67ubuntu0.1) ...
Setting up oxideqt-codecs:amd64 (1.6.5-0ubuntu0.15.04.1) ...
Setting up liboxideqtcore0:amd64 (1.6.5-0ubuntu0.15.04.1) ...
Setting up liboxideqtquick0:amd64 (1.6.5-0ubuntu0.15.04.1) ...
Setting up liboxideqt-qmlplugin:amd64 (1.6.5-0ubuntu0.15.04.1) ...
Processing triggers for libc-bin (2.21-0ubuntu4) ...
Processing triggers for ca-certificates (20141019ubuntu0.15.04.1) ...
Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.
username@username-XPS-13-9343:~$

Somebody posted a similar issue here, but that seems to be related to OpenVPN, which I am not using. I don't have the /etc/default/openvpn file anyway.

How do I fix this issue?

Kempe about 9 years

I have the same problem as you, i don't mind having to type password on boot but it's annoying having to type the password 10 times during update
Wolf over 7 years

If it helps anyone, my solution was to comment out the regular swap partition in /etc/fstab and to leave the cryptswap uncommented

timetofly about 9 years

Thank you! Only difference for me was that /dev/mapper/cryptswap1 didn't exist for me. I wonder what caused this. Might be a bug in the 15.04 installer.
Kempe about 9 years

Yeah probably. I did not enable it at least
Christian about 9 years

This anwer is DANGEROUSLY WRONG! It is actually breaking security. Swap-space is randomly encrypted too, when home is enrypted, as user-data might be swapped!! Actually, there seems to be a problem in systemd causing to prompt for a password even for randomly encrypted partitions but this solutions just breaks the concept of encryption!
Christian about 9 years

You had it. You probably didn't notice. Swap is always encrpted when home is enrypted. Seems to be a systemd-issue. There should be no prompt for a password as there is none. As data on swap is irrelevant after a reboot, the encrpytion-key is randomly generated on every boot. lists.launchpad.net/touch-packages/msg72437.html
Kempe about 9 years

yeah probably i just did not notice it, but the behaviour in 15.04 with password questions for everything you do and multiple times for every command is DANGEROUSLY annoying and might lead to permanent brain damage...
Christian about 9 years

Fine if breaking encryption is good enough for you. But womeone who cares about encryption might read this "solution" and as it was marked as correct don't realize that he is actually breaking encrpytion instead of fixing this issue, which resided somewhere else.
Kempe about 9 years

as i said i have updated the answer to include a warning
timetofly almost 9 years

Thanks for the heads up--I've unaccepted the other answer so as not to mislead others. Security is fairly important for me, so it would be really nice if you could add some instructions on how to safely reverse the steps provided by kempe (without breaking anything). Is there a safer workaround for now? And when they fix this, would it only affect new installations or existing ones also?
Kempe almost 9 years

You have how to reverse it in the link at the end of my answer
kd8azz almost 9 years

I wish there was a way to upvote this answer, but not increase its visible score. I think this answer has value, but only when it is clearly discouraged, which the -1 score contributes to. So Kudos, Kempe. That's all I can do.
Matt over 8 years

Was this ever fixed? I'm on 15.10 and I still have this issue.
Daniel almost 8 years

This problem still exists even on Ubuntu 16.04 LTS!!! Did the same, turned off encryption for the swap partition.
Deniz Acay over 7 years

How can I reverse this process? I've done this but later found a version of ecryptfs that fixed this bug.
Day about 7 years

Still not fixed in 16.04 LTS. This answer does have a workaround which worked for me.
Day about 7 years

+1 worked for me in 16.04 LTS. I did have to do the dd command and reboot again. Thanks!
mc.dev almost 6 years

If /dev/mapper/cryptswap1 file does not exist, you can use command 'lsblk --fs' to check partition id. After that you can use id to execute cryptsetup. Example: sudo cryptsetup remove <partition-id>