[clug] SSH Public key auth + Encrypted home dir

Ben Coughlan ben.coughlan at gmail.com
Mon Aug 24 05:37:13 MDT 2009

An interesting problem I just came across involving public key  
authorisation to an SSH session when the user has an encrypted home  

The symptom I was experiencing was that I couldn't log in over SSH  
'unless' I already had a session open, and needing to log in locally  
kind of defeats the purpose of SSH.

The problem was discussed here <https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/362427 
 > with a decent work around provided.

The jist is that sshd can't read your authorized_keys file while your  
home directory is unmounted (and encrypted).  Of course it's fine if  
another session has already decrypted and mounted $HOME.

The work around moves authorized_keys to $HOME/.ssh on the filesystem  
when $HOME is 'not' mounted.  Which works fine.

My problem is that it requires the two authorized_keys files to be  
kept in sync, lest I try and log in somewhere else simultaneously and  
my key doesn't exist on whichever one is mounted.

Does anyone have a better idea?  I'd like to avoid storing keys  
outside of users home directories given the issues with permissions.

One further question:  I've recently started using 'screen' and I'm  
finding it quite nifty.  How will it behave when I detach and log out  
given that my home directory will be unmounted?  (assuming I'm leaving  
stuff running that may or may not be using my home dir)

Ben Coughlan

More information about the linux mailing list