[clug] SSH Public key auth + Encrypted home dir

Michael Cohen scudette at gmail.com
Tue Aug 25 06:29:42 MDT 2009


On Tue, Aug 25, 2009 at 9:41 AM, Robert Edwards<bob at cs.anu.edu.au> wrote:
> You would need to be especially careful about backing up this directory
> (it now contains everyone's private keys...) and NFS autohome stuff will
> need to be rethought, if you use that.

Didn't the OP talk about the authorized_keys file? This file contains
public keys only which should be ok (they are not secret).  The only
threat is if another user can insert their own key into a different
user's authorized_keys file in that shared directory. I think openssh
is really picky about permissions too, so if the permissions are too
loose it will refuse to use it (This might also be a problem with
central shared authorized_keys files). It also looks at directory
permissions.

Is it possible to just separate home directories into /home/user/ and
/crypthome/user/ ?

I have never really understood the advantage that per-user crypted
home dirs give you. It seems that the threat model is to prevent one
user from reading another user's encrypted files, but this is normally
enforced by system permissions. If a user is able to bypass system
permissions (e.g. if they are root) they can easily also extract
encryption keys when a user logs in to decrypt their home dir (or just
copy said user's files when they log in and decrypt them). I can
understand volume encryption as protection against a stolen laptop
etc, but encrypting just the home dir seems to suggest you don't trust
the system you are running on.

Michael.
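
An added example, not part of the message above and not OpenSSH's own code: a Python sketch that approximates the ownership and mode checks sshd applies to authorized_keys and its parent directories, for auditing a shared key directory. The function name, the `stop_at` parameter and the sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile


def check_key_path(path, uid, stop_at):
    """Return a list of problems that would let another user alter `path`.

    Approximates sshd's check: the file and every directory above it, up to
    `stop_at` (assumed top of the shared key tree), must be owned by the
    account's uid or root and must not be group- or world-writable.
    """
    problems = []
    cur = os.path.realpath(path)
    stop_at = os.path.realpath(stop_at)
    if not stat.S_ISREG(os.stat(cur).st_mode):
        problems.append(f"{cur}: not a regular file")
    while True:
        st = os.stat(cur)
        if st.st_uid not in (0, uid):
            problems.append(f"{cur}: owned by uid {st.st_uid}")
        if st.st_mode & 0o022:
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"{cur}: group/world writable (mode {mode:o})")
        parent = os.path.dirname(cur)
        if cur == stop_at or parent == cur:
            break
        cur = parent
    return problems


if __name__ == "__main__":
    # Constructed sample tree: <tmp>/alice/authorized_keys
    top = tempfile.mkdtemp()
    user_dir = os.path.join(top, "alice")
    os.mkdir(user_dir)
    key_file = os.path.join(user_dir, "authorized_keys")
    open(key_file, "w").close()
    os.chmod(top, 0o755)
    os.chmod(key_file, 0o644)
    # A group-writable per-user directory lets group members swap the file.
    os.chmod(user_dir, 0o775)
    for problem in check_key_path(key_file, os.getuid(), top):
        print(problem)
```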

