You can use ssh keys as long as the keys live outside of the encrypted
directory.  Your home directory is encrypted until you authenticate,
and your keys are stored in your home directory by default, hence the
(obvious) problem.  Ssh + password works because your password lives
in /etc/shadow, which is outside your encrypted home directory and
thus available to the system before you authenticate.



On Wed, Dec 22, 2010 at 12:49 PM, John Jardine
<[email protected]> wrote:
> Hi Neil,
>
> I was using ssh with a password.
>
> Cheers,
> J. J.
>
>
> On Wed, 2010-12-22 at 10:20 -0700, Neil B wrote:
>> Hmmm...pardon the 20 questions...just trying to decipher why there
>> would be different outcomes to apparently the same setup.  :)
>>
>> John, how are you logging in remotely? SSH keys or password?
>>
>> I had mine set up to disable passwords on SSH and had restricted it to
>> just using keys.
>>
>> ~Neil B.
>>
>> On Tue, Dec 21, 2010 at 8:05 AM, John Jardine
>> <[email protected]> wrote:
>>         Hi Neil,
>>
>>         The first time I was and realized that being logged in had
>>         tainted the test.
>>
>>         I rebooted the machine and then logged in to it a second time
>>         - this time remotely - no problems.
>>
>>         Cheers,
>>         J.J.
>>
>>
>>         On Tue, 2010-12-21 at 07:17 -0700, Neil B wrote:
>>         > Hey John,
>>         >
>>         > Just curious. Were you logged on to the box while also
>>         > connecting to it remotely?
>>         >
>>         > Cheers!
>>         >
>>         > ~Neil B.
>>         >
>>         > On Mon, Dec 20, 2010 at 10:09 PM, John Jardine
>>         > <[email protected]> wrote:
>>         >         Hi,
>>         >
>>         >         I lost a drive today and that prompted a new install.  I
>>         >         chose Ubuntu 10.10 x64 Desktop to check it out.
>>         >
>>         >         I configured it to have an encrypted home directory - not
>>         >         full disk encryption.
>>         >
>>         >         I can reboot this machine and then ssh to it successfully.
>>         >         This is counter to your experience.  I can't explain what
>>         >         or why this is different though.
>>         >
>>         >         I have not bothered to check the directory by booting from
>>         >         another disk and checking it out - I'll leave that for the
>>         >         paranoid:)
>>         >
>>         >         I did pick up on one part of the install when it gave
>>         >         instructions on access without logging in.  I was asked to
>>         >         configure a secure passphrase to use to manually access my
>>         >         home directory.  It said to use a tool
>>         >         'ecryptfs-unwrap-passphrase'.
>>         >
>>         >         I haven't messed with it yet - everything is still at the
>>         >         stage where "it just works" so I'm loath to fix that:)
>>         >
>>         >         Cheers,
>>         >         J.J.
>>         >
>>         >
>>         >
>>         >         On Sun, 2010-12-05 at 21:59 -0700, shawn wrote:
>>         >         > I tried the encrypted home directory and ran into problems
>>         >         > with SSH to that box via ssh keys.  Which makes sense - the
>>         >         > keys are encrypted and can't be read until you log in.  But
>>         >         > you can't log in without the keys...  Guess it would make
>>         >         > sense for a desktop that will be unlikely to be connected
>>         >         > TO via ssh.  Either that or I missed a step somewhere.
>>         >         >
>>         >         > I'm running Kubuntu 10.10 now with an encrypted drive.  The
>>         >         > install process was pretty straightforward and everything
>>         >         > is working as expected (with a new *buntu install - sound
>>         >         > issues, data migration, etc.)  I still want to encrypt a
>>         >         > drive manually from the command line just to learn the
>>         >         > details, but the docs I've seen are old (2007ish or
>>         >         > earlier) and make a lot of assumptions about base
>>         >         > knowledge making the docs difficult to read.
>>         >         >
>>         >         > Shawn
>>         >         >
>>         >         > On 10-12-05 04:42 PM, Gustin Johnson wrote:
>>         >         > > On Thu, Dec 2, 2010 at 11:12 PM,
>>         >         > > Shawn<[email protected]>  wrote:
>>         >         > >> I'm looking for any decent links/how-to's for full disk
>>         >         > >> encryption.
>>         >         > > For truecrypt
>>         >         > > http://www.truecrypt.org/docs/
>>         >         > >
>>         >         > > Truecrypt also has an option for a secret hidden OS
>>         >         > >
>>         >         > > On Ubuntu you can do it at install if you use the alternate
>>         >         > > install CD.  I used this a couple of times and it worked
>>         >         > > well.  The encrypted home directory is what I use now.  The
>>         >         > > one issue is that if you have a slight issue with your hard
>>         >         > > drive, and I mean slight, all the data is pretty much
>>         >         > > toast.  It does not even have to be a bad disk, just a
>>         >         > > wrong bit flipped at the wrong time which happens more than
>>         >         > > you think on modern hard drives.  If done right data
>>         >         > > recovery is not possible.
>>         >         >
>>         >         >
>>         >         > _______________________________________________
>>         >         > clug-talk mailing list
>>         >         > [email protected]
>>         >         > http://clug.ca/mailman/listinfo/clug-talk_clug.ca
>>         >         > Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
>>         >         > **Please remove these lines when replying
>>         >
>>         >
>>         >
>>         >
>>         >
>>
>>
>>
>>
>>
>
>
>
>
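
The point made in the top reply (key logins work once sshd reads the keys from somewhere outside the encrypted home) can be checked against a config; the script below is an added example, not part of the original thread. It resolves sshd's AuthorizedKeysFile entries for one user and reports which ones fall under the home directory. The user "jj", the home /home/jj and the /etc/ssh/authorized_keys/ directory are assumptions made for the sample.

```shell
#!/bin/sh
# Added example, not from the thread: report whether sshd will look for a
# user's authorized_keys inside the home directory (unreadable while an
# encrypted home is still unmounted) or outside it.

# expand_tokens PATTERN USER HOME: expand sshd's %h, %u and %% tokens.
expand_tokens() {
    awk -v p="$1" -v u="$2" -v h="$3" 'BEGIN {
        out = ""
        while ((i = index(p, "%")) > 0) {
            t = substr(p, i + 1, 1)
            if (t == "h") r = h
            else if (t == "u") r = u
            else if (t == "%") r = "%"
            else r = "%" t
            out = out substr(p, 1, i - 1) r
            p = substr(p, i + 2)
        }
        print out p
    }'
}

# keys_locations CONFIG USER HOME: one "inside-home|outside-home PATH" line
# per AuthorizedKeysFile entry. Match blocks and Include are not evaluated.
keys_locations() {
    home=${3%/}
    # sshd uses the first value it sees for a keyword; fall back to the default.
    entries=$(awk 'tolower($1) == "authorizedkeysfile" { $1 = ""; print; exit }' "$1")
    [ -n "$entries" ] || entries=".ssh/authorized_keys .ssh/authorized_keys2"
    for pat in $entries; do
        path=$(expand_tokens "$pat" "$2" "$home")
        case $path in /*) ;; *) path="$home/$path" ;; esac   # relative = under home
        case $path in
            "$home"/*) echo "inside-home $path" ;;
            *)         echo "outside-home $path" ;;
        esac
    done
}

# Constructed sample configs (hypothetical user "jj", home /home/jj).
demo=$(mktemp -d)
printf '%s\n' 'PasswordAuthentication no' > "$demo/default.conf"
printf '%s\n' '#AuthorizedKeysFile %h/.ssh/authorized_keys' \
    'AuthorizedKeysFile /etc/ssh/authorized_keys/%u' > "$demo/moved.conf"
keys_locations "$demo/default.conf" jj /home/jj
keys_locations "$demo/moved.conf" jj /home/jj
```

A key file moved outside the home directory still has to pass sshd's StrictModes ownership and permission checks.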
