[Bug 362427] Re: Public key ssh auth doesn't work with my Encrypted Home Directory
Hi guys,

I am not really an experienced user and haven't actually applied the solution proposed in comment #12, but as I understand the authorized public key is added in .ssh/authorized_keys, so, wouldn't it be possible to put another public key using a live cd and then login using the corresponding private key?

Best Regards,

--
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/362427

Title:
  Public key ssh auth doesn't work with my Encrypted Home Directory

To manage notifications about this bug go to:
https://bugs.launchpad.net/ecryptfs/+bug/362427/+subscriptions

--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 362427] Re: Public key ssh auth doesn't work with my Encrypted Home Directory
If you're implementing Dustin's workaround, you may run into a delay when logging in, and an Xauthority error. This is caused by xauth being unable to write to your home directory before the encrypted directory is mounted.

Here is my workaround. Using the ~/.ssh/rc file, the xauth parameters are written to a temp file, then read into a variable before your encrypted $HOME is mounted, then passed to xauth.

Put the following files in your UN-encrypted home directory.

~$ cat .ssh/rc
    #!/bin/bash
    # sshd feeds the X11 protocol name and cookie to this script on stdin.
    if read proto cookie && [ -n "$DISPLAY" ]; then
        if [ $(echo $DISPLAY | cut -c1-10) = 'localhost:' ]; then
            # X11UseLocalhost=yes
            echo add unix:$(echo $DISPLAY | cut -c11-) $proto $cookie > ~/.ssh/xauth_temp
        else
            # X11UseLocalhost=no
            echo add $DISPLAY $proto $cookie > ~/.ssh/xauth_temp
        fi
    fi

~$ cat .bash_login
    #!/bin/bash
    if test -e $HOME/.ecryptfs/auto-mount; then
        # Read the saved xauth command before the encrypted $HOME is mounted over it.
        XAUTH=$(cat ~/.ssh/xauth_temp)
        mount | grep "$HOME type ecryptfs"
        if test $? != 0; then
            ecryptfs-mount-private
            cd $HOME
            source ~/.bashrc
        fi
        echo $XAUTH | xauth -q -
    fi

Hope this helps someone!

The original .bash_login script comes from:
http://ubuntuforums.org/showthread.php?t=1332820&s=2551a0a94ce3b24ad3e3c60601319bc3&p=8452729#post8452729
[Bug 362427] Re: Public key ssh auth doesn't work with my Encrypted Home Directory
The password you log in with is used to decrypt/unwrap the key used to decrypt the ecryptfs. Would there not be a way of using the ssh secret key, used for login with ssh, to also unlock/unwrap the ecryptfs? Probably something that would have to be added to sshd.
[Bug 362427] Re: Public key ssh auth doesn't work with my Encrypted Home Directory
Pieter, the private key is never made available in any form to the sshd server. The server only has access to the public portion of the key in ~/.ssh/authorized_keys. You would probably not want a file on the filesystem to serve as the secret key for your encrypted directory, as that defeats the point of encrypting the directory in the first place.

Thanks
[Bug 362427] Re: Public key ssh auth doesn't work with my Encrypted Home Directory
I don't think the workaround in #12 is practically useful unless you want to disallow password-based logins. The password is needed anyway to unlock the ecryptfs key, so imho typing it in once on first login is way easier than authenticating via public key and then manually unlocking the encrypted home. Especially since key based authentication works fine on subsequent sessions i.e. if the user is already logged in at least once and the home directory is therefore unlocked.
[Bug 362427] Re: Public key ssh auth doesn't work with my Encrypted Home Directory
In reply to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/362427/comments/12

On /sbin/mount.ecryptfs_private I got the following message:

    keyctl_search: Required key not available
    Perhaps try the interactive 'ecryptfs-mount-private'

This comment is linked to from https://help.ubuntu.com/community/EncryptedHome

ecryptfs-mount-private worked fine for me, so I'd like to recommend it as a future inclusion to the howto for this page.

I also have my keys in the /etc/ssh/%u/authorized_keys folder and used the above method to allow for ln -d to as ~/.ssh/authorized_keys2
[Bug 362427] Re: Public key ssh auth doesn't work with my Encrypted Home Directory
Isn't this the same as https://bugs.launchpad.net/ubuntu/+source/encfs/+bug/319909 ?
[Bug 362427] Re: Public key ssh auth doesn't work with my Encrypted Home Directory
I had this same problem, but I'm not using encrypted home directories. I did set my home directory's permissions to 770 though. Moving the authorized keys to /etc/ssh/%u/authorized_keys worked.

Client: Ubuntu 9.04
Server: Ubuntu 9.04
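An added example, not part of the original report: a shell check that approximates the ownership and mode tests sshd applies to the authorized_keys path when StrictModes is enabled, under which a group-writable (770) home directory like the one described above is refused. The function names and the temporary directory tree are constructed for this example; sshd's own check covers more cases.

```shell
#!/bin/sh
# Added example (not from the bug thread): approximate the ownership and
# mode checks sshd applies to an authorized_keys path under StrictModes.

# Print why path $1 is unsafe for uid $2; print nothing if it is fine.
path_problem() {
    info=$(ls -ldn "$1" 2>/dev/null) || { echo "missing"; return; }
    perms=${info%% *}                                  # e.g. drwxrwx---
    owner=$(printf '%s\n' "$info" | awk '{print $3}')  # numeric uid
    if [ "$owner" != "$2" ] && [ "$owner" != 0 ]; then
        echo "owned by uid $owner"
    elif [ "$(printf '%s' "$perms" | cut -c6)" = w ] ||
         [ "$(printf '%s' "$perms" | cut -c9)" = w ]; then
        echo "group/other writable ($perms)"
    fi
}

# check_keyfile_path FILE HOME UID
# Walk from FILE up to HOME (or /), reporting every unsafe component.
# Returns 0 when the whole chain is acceptable, 1 otherwise.
check_keyfile_path() {
    p=$1; bad=0
    while :; do
        problem=$(path_problem "$p" "$3")
        if [ -n "$problem" ]; then
            echo "FAIL $p: $problem"
            bad=1
        fi
        case $p in "$2"|/|.) break ;; esac
        p=$(dirname "$p")
    done
    return "$bad"
}

# Constructed demo: a home directory set to 770, as in the report above.
demo() {
    t=$(mktemp -d) && mkdir -m 700 "$t/home" "$t/home/.ssh" || return 2
    : > "$t/home/.ssh/authorized_keys"
    chmod 600 "$t/home/.ssh/authorized_keys"
    chmod 770 "$t/home"
    check_keyfile_path "$t/home/.ssh/authorized_keys" "$t/home" "$(id -u)"
    rc=$?
    rm -rf "$t"
    return "$rc"
}

if [ "${1:-}" = demo ]; then demo; fi
```

For a key file kept outside the home directory, such as /etc/ssh/%u/authorized_keys, the walk continues up to /, so every parent directory must be owned by root or the user and not be group or world writable.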
[Bug 362427] Re: Public key ssh auth doesn't work with my Encrypted Home Directory
Hi, Dustin!

The workaround works. Could you please give me a link to a good description of private directory's encryption in Ubuntu, internals and so on.

Many thanks,
Alex
[Bug 362427] Re: Public key ssh auth doesn't work with my Encrypted Home Directory
Strange, but auto mount of the encrypted private directory has stopped working. There is only a "Mount of private directory return code [256]" error in auth.log. But I am able to manually mount the private dir after ssh login.
Re: [Bug 362427] Re: Public key ssh auth doesn't work with my Encrypted Home Directory
On Sun, Apr 19, 2009 at 2:34 PM, Alexander Kraev alexander.kr...@gmail.com wrote:
> The workaround works. Could you please give me a link to a good description
> of private directory's encryption in Ubuntu, internals and so on.

http://blog.dustinkirkland.com/2009/02/how-encrypted-home-ecryptfs-works.html

:-Dustin
[Bug 362427] Re: Public key ssh auth doesn't work with my Encrypted Home Directory
Thanks, Dustin.

Just tried your workaround. But it doesn't work. I still get the same error.

Just for note, there is /sbin/ecryptfs.umount_private, there is /sbin/umount.ecryptfs_private
[Bug 362427] Re: Public key ssh auth doesn't work with my Encrypted Home Directory
Thanks, Dustin.

Just tried your workaround. But it doesn't work. I still get the same error.

Just for note, there is no /sbin/ecryptfs.umount_private, there is /sbin/umount.ecryptfs_private
Re: [Bug 362427] Re: Public key ssh auth doesn't work with my Encrypted Home Directory
Right, sorry, typed the wrong commands. Here is an exact cut-and-paste. I left out a few details in the last one, as it was merely pseudo code.

    $ /sbin/umount.ecryptfs_private
    $ cd $HOME
    $ chmod 700 .
    $ mkdir -m 700 .ssh
    $ chmod 500 .
    $ echo $YOUR_REAL_PUBLIC_KEY > .ssh/authorized_keys
    $ /sbin/mount.ecryptfs_private

Note that you should not have *any* other programs running between those umount and mount commands, as all of your home directory will be unreadable by those programs. If you're on a graphical desktop, log out of all sessions and either ssh in, or login on the tty terminal.

I just tested the above commands and they work perfectly.

:-Dustin