On Mon, 02.12.19 12:39, Chris Murphy (li...@colorremedies.com) wrote:

> Basically you have to choose between user home security (or more
> specifically privacy) and remote logins. However, there are some
> ideas that could possibly work around this, to varying degrees of
> inelegance, which I'll gratuitously copy from a related Workstation
> WG issue [1].
>
> 1. Enhance openssh's PAM support
> 2. Stub account to ssh into, whereby the user is prompted to
> authenticate+unlock the real account; and now ssh into the real
> account.
> 3. Same as 2 but maybe it's possible to bind mount the real home dir
> over the stub home dir, eliminating the 2nd login? (Vaguely recall
> reading about this somewhere, maybe Ubuntu's use of ecryptfs based
> home, now since deprecated in favor of LUKS)
> 4. If based on any fscrypt implementation, exclude ~/.ssh/ from
> encryption

systemd-homed integrates with sshd's AuthorizedKeysCommand and
supplies any SSH keys associated with the user account directly to SSH
without anyone needing access to ~/.ssh/. I.e. integration with SSH is
actually already in place.

The problem is that sshd's PAM implementation doesn't allow PAM
modules to ask questions in login sessions which are authenticated via
authorized_keys instead of PAM. Because if we could ask questions
then, we could simply ask the user for the passphrase to derive the
LUKS key from, if we need to. That would mean that if you log in via SSH
while you are already logged in locally, then logins would be instant,
but if you log in via SSH otherwise, then you'd get a prompt for the
password first.

Lennart

--
Lennart Poettering, Berlin
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
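The AuthorizedKeysCommand integration described in the reply above, shown as an added stand-in helper (not systemd's own code; systemd's real helper for this is `userdbctl ssh-authorized-keys`). sshd runs the configured command with `%u` and reads its stdout as if it were `~/.ssh/authorized_keys`, so the still-locked home directory is never opened. The user-record shape and the `sshAuthorizedKeys` field name are assumptions modelled on systemd's JSON user records; the records themselves are constructed sample data.

```python
#!/usr/bin/env python3
"""Hypothetical AuthorizedKeysCommand helper (added example, not systemd code).
sshd_config would reference it as:
    AuthorizedKeysCommand /usr/local/sbin/homed-keys %u
    AuthorizedKeysCommandUser root
sshd treats the printed lines like ~/.ssh/authorized_keys, so the LUKS-backed
home directory does not have to be unlocked for key authentication to work."""
import re
import sys

# Only usernames sshd could legitimately pass; rejects path tricks like "../x".
USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")
# A plain authorized_keys line: key type, base64 blob, optional comment.
KEY_LINE_RE = re.compile(
    r"^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( [^\n]*)?$"
)

# Constructed sample records, shaped like systemd's JSON user records with the
# SSH keys in the privileged section (assumed field name: sshAuthorizedKeys).
SAMPLE_RECORDS = {
    "alice": {
        "userName": "alice",
        "storage": "luks",
        "privileged": {
            "sshAuthorizedKeys": [
                "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleConstructedKeyMaterial0000000 alice@laptop",
                "not a key at all",
            ]
        },
    },
    "bob": {"userName": "bob", "storage": "luks", "privileged": {}},
}


def authorized_keys_for(username: str, records: dict = SAMPLE_RECORDS) -> list[str]:
    """Return authorized_keys lines for `username`; [] for unknown users or no keys."""
    if not USERNAME_RE.match(username):
        return []
    record = records.get(username)
    if record is None:
        return []
    keys = record.get("privileged", {}).get("sshAuthorizedKeys", [])
    # Pass through only well-formed plain key lines, so a corrupt or tampered
    # record cannot smuggle arbitrary authorized_keys options into sshd.
    return [k for k in keys if isinstance(k, str) and KEY_LINE_RE.match(k)]


def main(argv: list[str]) -> int:
    if len(argv) != 2:
        print("usage: homed-keys USERNAME", file=sys.stderr)
        return 2
    for line in authorized_keys_for(argv[1]):
        print(line)
    return 0  # empty stdout simply means "no keys"; sshd then falls back to other methods


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```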