[clug] SSH Public key auth + Encrypted home dir

Jeremy Kerr jk at ozlabs.org
Mon Aug 24 06:56:01 MDT 2009


> The jist is that sshd can't read your authorized_keys file while your
> home directory is unmounted (and encrypted).  Of course it's fine if
> another session has already decrypted and mounted $HOME.

You could change the server's AuthorizedKeysFile configuration, to look in a 
common folder (/etc/sshd/authorized_keys/$USER perhaps?), rather than than 
within the user's home dir (which is overwritten during the mount). Then just 
symlink ~/.ssh/authorized_keys to this file.

This way you only have one copy of the authorized_keys file, and it'll be 
available both before and after login.

However, this still doesn't solve the issue you'll have next, which is that 
your encrypted filesystem won't be mounted when logging in via ssh (since the 
ssh authentication never has your logon password). You can always mount it 
manually though.



More information about the linux mailing list