Home » Questions » Computers [ Ask a new question ]

SSH with authorized_keys to an Ubuntu system with encrypted homedir?

SSH with authorized_keys to an Ubuntu system with encrypted homedir?

I recently set up a new server with Ubuntu karmic 9.10, and when I created my home directory I chose to make it encrypted. Now, after loading my authorized_keys file into ~/.ssh, it isn't recognized because my home directory isn't decrypted until after I log in. Is there a way to make SSH keys work with encrypted home directories under Ubuntu?

Asked by: Guest | Views: 116
Total answers/comments: 2
Guest [Entry]

"Change this line in your sshd_config file:

AuthorizedKeysFile /etc/ssh/%u/authorized_keys

And then move your authorized_keys file to /etc/ssh/your-username/authorized_keys

This post documents another way to solve this."
Guest [Entry]

"I just spent some time messing around with this, and the answer is that it's pretty much fundamentally impossible. It is possible to set up passwordless public-key-authenticated logins via ssh, so you don't have to type in your password to log in, but that doesn't get you anywhere, because your home directory is still encrypted.

The simple fact is that your encrypted home directory is encrypted with a password*, so the only way to decrypt it is with that password.

And if you're thinking that in theory it should be possible to use your ssh key to decrypt the mount passphrase upon login, that won't work because your private key is never sent to the server at all.

So basically, if you want encryption, you have to use passwords. Encrypted home directories are incompatible with fingerprint logins for the same reason.

*I know it's more complicated than a single password, but let's keep it simple for now."