[Ecryptfs] [Bug 362427] Re: Public key ssh auth doesn't work with my Encrypted Home Directory

2009-04-17 Thread Alexander Kraev
Thanks, Dustin.

Just tried your workaround. But it doesn't work. I still get the same
error.

Just for note, there is no /sbin/ecryptfs.umount_private, there is
/sbin/umount.ecryptfs_private

-- 
Public key ssh auth doesn't work with my Encrypted Home Directory
https://bugs.launchpad.net/bugs/362427
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.

Status in eCryptfs - Enterprise Cryptographic Filesystem: Invalid
Status in “ecryptfs-utils” source package in Ubuntu: Invalid
Status in “openssh” source package in Ubuntu: Invalid

Bug description:
Spent all night to understand why public key ssh auth doesn't work. It seems to 
me that issue only affects Jaunty. Please have a look at the details below.

So, the configuration is:

1. Client
- lsb_release: Ubuntu 8.10 intrepid
- ssh-client: OpenSSH_5.1p1 Debian-3ubuntu1, OpenSSL 0.9.8g 19 Oct 2007

2. Server A
- lsb_release: Ubuntu 8.04.2 hardy
- sshd: OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007

3. Server B
- lsb_release: Ubuntu 9.04 jaunty
- sshd: OpenSSH_5.1p1 Debian-5ubuntu1, OpenSSL 0.9.8g 19 Oct 2007

Server A and Server B have the same /etc/ssh/sshd_config:
RSAAuthentication yes
PubkeyAuthentication yes
StrictModes no

I turned StrictModes to no, but every server has the same permissions on 
user's .ssh folder and .ssh/authorized_keys file. authorized_keys is the same 
on Server A and Server B.

So, I am able to connect with public key from Client machine to Server A, but I 
can't connect to Server B.

I run ssh client and sshd on Server B in debug mode, please find logs attached.

Most important strings from auth.log:

...
Apr 16 20:58:47 ubuntu sshd[21728]: debug3: mm_request_receive entering
Apr 16 20:58:47 ubuntu sshd[21728]: debug3: monitor_read: checking request 21
Apr 16 20:58:47 ubuntu sshd[21728]: debug3: mm_answer_keyallowed entering
Apr 16 20:58:47 ubuntu sshd[21728]: debug3: mm_answer_keyallowed: key_from_blob: 0xb9084978
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: trying public key file /home/sasha/.ssh/authorized_keys
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: restore_uid: 0/0
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: trying public key file /home/sasha/.ssh/authorized_keys2
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: restore_uid: 0/0
Apr 16 20:58:47 ubuntu sshd[21728]: Failed publickey for sasha from 10.0.0.11 port 51194 ssh2
Apr 16 20:58:47 ubuntu sshd[21728]: debug3: mm_answer_keyallowed: key 0xb9084978 is not allowed
...

___
Mailing list: https://launchpad.net/~ecryptfs
Post to : ecryptfs@lists.launchpad.net
Unsubscribe : https://launchpad.net/~ecryptfs
More help   : https://help.launchpad.net/ListHelp


Re: [Ecryptfs] [Bug 362427] Re: Public key ssh auth doesn't work with my Encrypted Home Directory

2009-04-17 Thread Dustin Kirkland
Right, sorry, typed the wrong commands.

Here is an exact cut-and-paste.  I left out a few details in the last
one, as it was merely pseudo code.

 $ /sbin/umount.ecryptfs_private
 $ cd $HOME
 $ chmod 700 .
 $ mkdir -m 700 .ssh
 $ chmod 500 .
 $ echo $YOUR_REAL_PUBLIC_KEY > .ssh/authorized_keys
 $ /sbin/mount.ecryptfs_private

Note that you should not have *any* other programs running between
those umount and mount commands, as all of your home directory will be
unreadable by those programs.  If you're on a graphical desktop, log
out of all sessions and either ssh in, or login on the tty terminal.

I just tested the above commands and they work perfectly.

:-Dustin
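
The workaround above puts authorized_keys in the underlying, unencrypted home directory, which is the one sshd sees whenever the eCryptfs home is not mounted. The following is an added example (not from this thread or from ecryptfs-utils) that classifies which of the two views a home directory is currently in; the function names and the sample mount table are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify where sshd would find
# authorized_keys for an eCryptfs-encrypted home directory.

# ecryptfs_mounted_at MOUNTS_FILE DIR
# Succeeds if MOUNTS_FILE (/proc/mounts format) has an ecryptfs mount at DIR.
ecryptfs_mounted_at() {
    awk -v dir="$2" '
        $2 == dir && $3 == "ecryptfs" { found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# authorized_keys_state MOUNTS_FILE HOME_DIR
# Prints one word:
#   encrypted-view      home is mounted; the file seen now lives inside the
#                       encrypted data and is unreadable once it is unmounted
#   underlying-present  home is unmounted and the underlying directory has a
#                       non-empty .ssh/authorized_keys (the thread's workaround)
#   underlying-missing  home is unmounted and sshd has no key file to read
authorized_keys_state() {
    if ecryptfs_mounted_at "$1" "$2"; then
        echo encrypted-view
    elif [ -s "$2/.ssh/authorized_keys" ]; then
        echo underlying-present
    else
        echo underlying-missing
    fi
}

# Demo on constructed data: a temporary directory stands in for $HOME and a
# hand-written mount table stands in for /proc/mounts.
demo_home=$(mktemp -d)
demo_mounts=$(mktemp)
printf '%s\n' "/dev/sda1 / ext3 rw 0 0" > "$demo_mounts"
echo "before workaround: $(authorized_keys_state "$demo_mounts" "$demo_home")"
mkdir -m 700 "$demo_home/.ssh"
echo "ssh-rsa AAAA...constructed sasha@client" > "$demo_home/.ssh/authorized_keys"
echo "after workaround:  $(authorized_keys_state "$demo_mounts" "$demo_home")"
printf '%s\n' "$demo_home/.Private $demo_home ecryptfs rw 0 0" >> "$demo_mounts"
echo "after mounting:    $(authorized_keys_state "$demo_mounts" "$demo_home")"
rm -rf "$demo_home" "$demo_mounts"
```

On a real system, pass /proc/mounts and the account's home directory; a result of encrypted-view means the check has to be repeated after unmounting to see what sshd sees for a logged-out user.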
