[clug] SSH Public key auth + Encrypted home dir

Ben Coughlan ben.coughlan at gmail.com
Mon Aug 24 05:37:13 MDT 2009


An interesting problem I just came across involving public key  
authorisation to an SSH session when the user has an encrypted home  
directory.

The symptom I was experiencing was that I couldn't log in over SSH  
'unless' I already had a session open, and needing to log in locally  
kind of defeats the purpose of SSH.

The problem was discussed here <https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/362427>
with a decent workaround provided.

The gist is that sshd can't read your authorized_keys file while your
home directory is unmounted (and encrypted).  Of course it's fine if
another session has already decrypted and mounted $HOME.

The workaround moves authorized_keys to $HOME/.ssh on the filesystem
when $HOME is 'not' mounted.  Which works fine.

My problem is that it requires the two authorized_keys files to be  
kept in sync, lest I try and log in somewhere else simultaneously and  
my key doesn't exist on whichever one is mounted.

Does anyone have a better idea?  I'd like to avoid storing keys
outside of users' home directories given the issues with permissions.

One further question:  I've recently started using 'screen' and I'm  
finding it quite nifty.  How will it behave when I detach and log out  
given that my home directory will be unmounted?  (assuming I'm leaving  
stuff running that may or may not be using my home dir)

Cheers,
Ben Coughlan
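
Added example, not part of the original post: a check for the drift between the two authorized_keys copies described above. It compares the files by key blob, ignoring options and comments, and exits non-zero when a key is present in only one. It assumes both copies can be read at the paths given; the function names and the sample keys are constructed for illustration.

```python
import base64
import struct
import sys

def blob_type(blob):
    """Return the key type named inside a base64 SSH public-key blob, or None."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError:
        return None
    if len(raw) < 4:
        return None
    (n,) = struct.unpack(">I", raw[:4])          # blob starts with a length-prefixed type string
    return raw[4:4 + n].decode("ascii", "replace")

def key_blobs(text):
    """Map blob -> key type for every key line, skipping options and comments."""
    found = {}
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        # The key is the first adjacent pair whose blob names the preceding token as its type.
        for keytype, blob in zip(tokens, tokens[1:]):
            if blob_type(blob) == keytype:
                found[blob] = keytype
                break
    return found

def drift(mounted_text, underlying_text):
    """Return (blobs only in the mounted copy, blobs only in the underlying copy)."""
    a, b = key_blobs(mounted_text), key_blobs(underlying_text)
    return sorted(set(a) - set(b)), sorted(set(b) - set(a))

def fake_key(keytype, seed):
    """Constructed sample blob with a valid type header; not a usable key."""
    t = keytype.encode()
    return base64.b64encode(struct.pack(">I", len(t)) + t + bytes([seed]) * 32).decode()

if __name__ == "__main__":
    if len(sys.argv) == 3:                        # two authorized_keys paths (assumed readable)
        texts = [open(p, encoding="utf-8", errors="replace").read() for p in sys.argv[1:]]
    else:                                         # constructed sample input
        k1, k2 = fake_key("ssh-rsa", 1), fake_key("ssh-ed25519", 2)
        texts = [f'ssh-rsa {k1} ben@a\nno-pty ssh-ed25519 {k2} ben@b\n', f'ssh-rsa {k1} ben@a\n']
    only_mounted, only_underlying = drift(*texts)
    for blob in only_mounted:
        print("missing from underlying copy:", blob[:24] + "...")
    for blob in only_underlying:
        print("missing from mounted copy:", blob[:24] + "...")
    sys.exit(1 if only_mounted or only_underlying else 0)
```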

