[clug] SSH Public key auth + Encrypted home dir

Robert Edwards bob at cs.anu.edu.au
Tue Aug 25 20:00:02 MDT 2009


Michael Cohen wrote:
> On Tue, Aug 25, 2009 at 9:41 AM, Robert Edwards<bob at cs.anu.edu.au> wrote:
>> You would need to be especially careful about backing up this directory
>> (it now contains everyone's private keys...) and NFS autohome stuff will
>> need to be rethought, if you use that.
> 
> Didnt the OP talk about the authorized_keys file? This file contains
> public keys only which should be ok (they are not secret).  The only
> threat is if another user can insert their own key into a different
> user's authorized_keys file in that shared directory. I think openssh
> is really picky about permissions too, so if the permissions are too
> loose it will refuse to use it (This might also be a problem with
> central shared authorized_keys files). It also looks at directory
> permissions.
> 
> Is it possible to just separate home directories into /home/user/ and
> /crypthome/user/ ?
> 
> I have never really understood the advantage that per user crypted
> home dir give you. It seems that the threat model is to prevent one
> user from reading another user's encrypted files, but this is normally
> enforced by system permissions. If a user is able to bypass system
> permissions (e.g. if they are root) they can easily also extract
> encryption keys when a user logs in to decrypt their home dir (or just
> copy said user's files when they log in and decrypt them). I can
> understand volume encryption as protection against a stolen laptop
> etc, but encrypting just the home dir seems to suggest you dont trust
> the system you are running on.
> 
> Michael.

I completely agree. There may be _some_ material one wants to store in
their home directory that requires heightened security, but surely not
the whole home directory (depends on what you are doing, I suppose).

One system I run has a cryptoloop-mounted file-system that lives in a
file in my home directory. When I want to do something I might be a
little more paranoid about, I can loopback mount this file as a f/s
and do what I need, then unmount it again. File gets backed up with
the rest of my home directory.

Could also do this with a USB memory stick, although I would lose out
on having it backed up...

Another approach I will get around to investigating one day is to have
a whole encrypted VM in my home directory. I can bring up this VM when
I want to do something I am more sensitive about, then shut it down
again when I have finished. VM can be moved to different systems and
run as required.

Having an encrypted swap partition might be a good idea...

Cheers,

Bob Edwards.



More information about the linux mailing list