Cloud services and Encryption on Astra Linux

Relevance: Users requiring two popular and useful cloud services. Section 3 describes how to make access to the encrypted data on your encrypted disk both more secure and more convenient. This post follows up on the installation of Astra Linux described in a previous post.

1. Dropbox

Many readers are no doubt familiar with this service. You can connect three devices without a paid subscription, and you can enjoy 2 GB of cloud space as well. Scripts that I need to deploy on multiple computers are kept in my Dropbox. I usually install Dropbox as a first step on a new installation.

32 bit:

cd ~ && wget -O - "https://www.dropbox.com/download?plat=lnx.x86" | tar xzf -

64 bit:

cd ~ && wget -O - "https://www.dropbox.com/download?plat=lnx.x86_64" | tar xzf -

You can immediately run Dropbox from a terminal at this point by issuing this command:


~/.dropbox-dist/dropboxd


Or forgo the terminal command for the following procedure instead:

Fly Auto-start

This procedure sets Dropbox to run whenever you log in to your account. From the Start menu, open Control Center and select the Settings menu from the sidebar. Now, open the Fly Autostart program. Select “Add Program” from the bottom left. When the next dialog box opens, click on the folder icon to the right of the data field to select a program. The Home directory opens. Hover over the open space of the Home directory, right-click and select “Show Hidden”. Find the directory .dropbox-dist and open it, then click on dropboxd.

A Dropbox directory will appear in your home directory and is constantly synced to your cloud content. There is no GUI and none is really required. You can drag and drop files between the browser and this directory on your computer without altering the share links of updated files. If a file has the identical name, the old one will be updated and the share link will remain the same. If you run scripts, remember to prefer the copy operation to moving files: the copy command will retain the share links, while the mv command will alter them. This may change in the future but remains true at the time of publishing this post.

2. Yandex-disk

This is one of the most affordable and reliable services. Installation is slightly more complicated, but with this complexity comes the power to customize the folders you wish to sync to your computer. The available commands can be found at the link above, under the commands and parameters section.

Install Yandex Software Keys


Run these two commands separately in a terminal. Open the terminal conveniently using the default hotkey: “Alt+T”, on a freshly-installed Astra Linux system.

wget -O YANDEX-DISK-KEY.GPG http://repo.yandex.ru/yandex-disk/YANDEX-DISK-KEY.GPG
sudo apt-key add YANDEX-DISK-KEY.GPG

Add The Yandex Repository


Create a new sources list file and insert the repository information.

sudo nano /etc/apt/sources.list.d/yandex-disk.list

Insert this line into the text file that opens in the nano text editor software.

deb http://repo.yandex.ru/yandex-disk/deb/ stable main

After inserting the line, press CTRL+X and confirm that you wish to save the file by pressing “Y”.
Now, run the update command, followed by the command to install Yandex-disk.

sudo apt-get update
sudo apt-get install yandex-disk

Exclude Some Directories

Read this section and follow the procedure if you want to exclude some directories from syncing to your computer. If you want to sync ALL your Yandex-disk directories, then proceed directly to Yandex-disk Setup.
Examine your Yandex folders in any browser, making a note of all the names of directories you do not intend to have appear on your computer.
Make a directory where Yandex-disk will find the config file.

mkdir -p ~/.config/yandex-disk



Create a config file and include the names of the directories you want to exclude. Multiple directories must be separated by commas. By way of example:

exclude-dirs="your directory,another of your directories,Yet another directory"

Open a new file and insert the code as in my example, including the names of YOUR DIRECTORIES:

nano ~/.config/yandex-disk/config.cfg

Save the file and exit by CTRL+X and confirm that you wish to save the file by pressing “Y”.

Yandex-disk Setup

Install the software. The file you just created will be further written to during the installation process, but you needn’t worry about it. You can examine the file if something didn’t work as expected.

yandex-disk setup


You should now consider whether you’re using a proxy server. A prompt appears; answer accordingly:

Would you like to use a proxy server? [y/N]: n

You should now log in to your Yandex account in your browser to complete the verification. Read the prompts that appear during the installation carefully.
Take a close look at the messages and find the 8-digit code that you need to enter in the browser at the page ya.ru/device, in order to verify you are the owner of the content in the cloud. The message reads as follows:

Go to the page https://ya.ru/device and enter ‘eight-digit-code’ within 300 seconds. Make sure you’re logged in to the browser with the right account.
Token saved to /home/yourname/.config/yandex-disk/passwd
Enter path to Yandex.Disk folder (Leave empty to use default folder ‘/home/yourname/Yandex.Disk’):
Would you like Yandex.Disk to launch on startup? [Y/n]: y

A directory will appear in the location of your choice (usually at Home/Yandex.Disk). It will be constantly synced to your Yandex.Disk content.
A useful command at this point:

yandex-disk status

3. LUKS encryption

If you followed the instructions contained in a previous post on this blog, you now have a system installed to a logical volume (LVM). The volume group exists inside a LUKS-encrypted partition and is encrypted with a passphrase (referred to as ‘keys’ in this post). The volume group contains, at bare minimum, a swap volume, a volume mounted as root (mount point: /), and a volume mounted as home (mount point: /home). For convenience, it is useful to add keys to any encrypted partition. Different users can each use their own key. If one key is forgotten, a second or third one can be used to decrypt the same data. Keys can also be removed at any point. A LUKS version 1 partition can hold up to 8 keys.

The procedure for adding a key to an existing LUKS partition:

Identify the UUID of all encrypted volumes present in the system by running this command in a terminal (open the terminal conveniently using the default hotkey: “Alt+T”, on a freshly-installed Astra Linux system).

sudo cat /etc/crypttab

If a LUKS volume exists, a unique identifier of the partition (UUID) will be displayed when the command above is run. You should now insert your unique UUID into the following command. For the purpose of demonstration here, UUID=000000e0-0002-40b5-ac37-0002f00000ee6

sudo cryptsetup luksAddKey UUID=000000e0-0002-40b5-ac37-0002f00000ee6

To add or remove a key, you will need an existing passphrase. That key should be entered, then a new key entered. You need to enter the new key twice. Retain the key securely, preferably in a password manager and on paper as well as memorized by the user.
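The following script is an added example, not part of the original post: it lists the LUKS entries in a crypttab file and counts free key slots in LUKS version 1 luksDump output, so you can confirm a slot is available before running luksAddKey. The function names and the sample crypttab and luksDump text are constructed for illustration; only the UUID is the demonstration value used above.

```sh
#!/bin/sh
# Added example, not from the original post: checks to run before luksAddKey.

# Print "name source" for each crypttab entry whose 4th field has the luks option.
# $1 is a crypttab-format file (default /etc/crypttab); "-" reads stdin.
crypttab_luks_entries() {
    awk '/^[ \t]*(#|$)/ { next }
         $4 ~ /(^|,)luks(,|$)/ { print $1, $2 }' "${1:-/etc/crypttab}"
}

# Count free key slots in LUKS1 "cryptsetup luksDump" output read on stdin.
luks1_free_slots() {
    awk '/^Key Slot [0-7]: DISABLED/ { n++ } END { print n + 0 }'
}

# Real use (needs root): free slots for every LUKS volume listed in crypttab.
report_free_slots() {
    crypttab_luks_entries "${1:-/etc/crypttab}" | while read -r name src; do
        free=$(sudo cryptsetup luksDump "$src" | luks1_free_slots)
        echo "$name ($src): $free of 8 key slots free"
    done
}

# Constructed sample input; the UUID is the post's demonstration value.
sample_crypttab() {
    cat <<'EOF'
# <target name> <source device> <key file> <options>
sda5_crypt UUID=000000e0-0002-40b5-ac37-0002f00000ee6 none luks,discard
cryptswap /dev/sdb2 /dev/urandom swap,cipher=aes-xts-plain64
EOF
}
sample_luksdump() {
    cat <<'EOF'
Version:        1
Key Slot 0: ENABLED
Key Slot 1: ENABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
EOF
}

# Offline demonstration on the constructed samples.
sample_crypttab | crypttab_luks_entries -
echo "free LUKS1 slots: $(sample_luksdump | luks1_free_slots)"
```

On a real system, call report_free_slots with no arguments. After adding a key, sudo cryptsetup open --test-passphrase UUID=<your-uuid> checks that the new passphrase unlocks the volume without mapping it.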

4. Veracrypt

VeraCrypt provides portable and cross-platform encryption solutions which can be used in addition to LUKS encryption. Installation is very simple (current Astra Linux versions, including version 7.1.5, require the Debian 10 package for VeraCrypt). CLI and GUI installations of VeraCrypt are available. Simply click on the Debian 10 deb package (32 or 64 bit), save the package to your disk drive, and install the software by clicking on the saved package.

I hope you have found some of this useful. You can find me at ZOVRAN