[clug] SSH Public key auth + Encrypted home dir

Ben Coughlan ben.coughlan at gmail.com
Mon Aug 24 06:40:46 MDT 2009


On 24/08/2009, at 10:26 PM, steve jenkin wrote:
>
> Any reason you encrypt the whole of $HOME/ ?
>
> Having it unreadable breaks a lot of assumptions:
> like ~/.ssh and ~/.profile & X-11 rc files ...
>
> Could you get the same effect by moving $HOME to $HOME/enc and leaving
> all the config files 'in clear' in $HOME?
>
> You could use a unionfs (overlay/transparent) mount if your O/S
> supported it.
> [I.e. $HOME has just enough scaffolding. ~/.profile starts the crypto
> filesystem (getting passphrase from terminal) and overlays onto $HOME]
>
> HTH
> s

I'm using the encrypted home directory support built in to Jaunty.  I  
think it manages to cope with most startup configs by mounting the  
encrypted drive really early during a log on.

The only problem with .ssh is that it's needed 'before' a log on is  
established.

Ben


