An interesting problem I just came across involving public key  
authorisation to an SSH session when the user has an encrypted home  

The symptom I was experiencing was that I couldn't log in over SSH  
'unless' I already had a session open, and needing to log in locally  
kind of defeats the purpose of SSH.

The problem was discussed here <https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/362427>
with a decent workaround provided.

The gist is that sshd can't read your authorized_keys file while your  
home directory is unmounted (and encrypted).  Of course it's fine if  
another session has already decrypted and mounted $HOME.

The workaround moves authorized_keys to $HOME/.ssh on the filesystem  
when $HOME is 'not' mounted.  Which works fine.

My problem is that it requires the two authorized_keys files to be  
kept in sync, lest I try and log in somewhere else simultaneously and  
my key doesn't exist on whichever one is mounted.

Does anyone have a better idea?  I'd like to avoid storing keys  
outside of users' home directories given the issues with permissions.

One further question:  I've recently started using 'screen' and I'm  
finding it quite nifty.  How will it behave when I detach and log out  
given that my home directory will be unmounted?  (assuming I'm leaving  
stuff running that may or may not be using my home dir)

Ben Coughlan
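
Added example, not part of the original message: a shell check for the sync problem described above, listing keys that exist in only one of the two authorized_keys copies. It assumes both copies are readable at the two paths passed in; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report drift between two authorized_keys copies.
# Keys are compared by type and base64 blob only; options, comments and
# line order are ignored. Assumption: no quoted option value contains a
# bare key-type word such as "ssh-rsa" as its own space-separated token.

# Print "type blob" for each key line in file $1, sorted and de-duplicated.
normalize_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+|sk-[a-z0-9@.-]+)$/) {
                    print $i, $(i + 1)     # key type, then the key blob
                    next
                }
        }
    ' "$1" | LC_ALL=C sort -u
}

# Prefix each key on stdin with the file it was found in.
label_keys() {
    awk -v src="$1" '{ print "only in " src ": " $0 }'
}

# Compare two copies and list keys present in only one of them.
# Returns 0 if in sync, 1 on drift, 2 if either file is unreadable.
authkeys_drift() {
    [ -r "$1" ] && [ -r "$2" ] || { echo "cannot read both files" >&2; return 2; }
    ak_a=$(mktemp) && ak_b=$(mktemp) || return 2
    normalize_keys "$1" > "$ak_a"
    normalize_keys "$2" > "$ak_b"
    ak_only_a=$(LC_ALL=C comm -23 "$ak_a" "$ak_b")
    ak_only_b=$(LC_ALL=C comm -13 "$ak_a" "$ak_b")
    rm -f "$ak_a" "$ak_b"
    [ -z "$ak_only_a" ] || printf '%s\n' "$ak_only_a" | label_keys "$1"
    [ -z "$ak_only_b" ] || printf '%s\n' "$ak_only_b" | label_keys "$2"
    [ -z "$ak_only_a$ak_only_b" ]
}

# When run as a script with two paths, compare them.
if [ $# -eq 2 ]; then
    authkeys_drift "$1" "$2"
fi
```

A non-zero exit status from a scheduled run of this check is a signal that one copy was edited without the other.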

