[Ecryptfs] [Bug 362427] Re: Public key ssh auth doesn't work with my Encrypted Home Directory
Hi, Dustin!

The workaround works. Could you please give me a link to a good description of private directory's encryption in Ubuntu, internals and so on.

Many thanks,
Alex

--
Public key ssh auth doesn't work with my Encrypted Home Directory
https://bugs.launchpad.net/bugs/362427
You received this bug notification because you are a member of eCryptfs, which is subscribed to ecryptfs-utils in ubuntu.

Status in eCryptfs - Enterprise Cryptographic Filesystem: Invalid
Status in “ecryptfs-utils” source package in Ubuntu: Invalid
Status in “openssh” source package in Ubuntu: Invalid

Bug description:
Spent all night to understand why public key ssh auth doesn't work. It seems to me that issue only affects Jaunty. Please have a look at the details below.

So, the configuration is:

1. Client
   - lsb_release: Ubuntu 8.10 intrepid
   - ssh-client: OpenSSH_5.1p1 Debian-3ubuntu1, OpenSSL 0.9.8g 19 Oct 2007
2. Server A
   - lsb_release: Ubuntu 8.04.2 hardy
   - sshd: OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007
3. Server B
   - lsb_release: Ubuntu 9.04 jaunty
   - sshd: OpenSSH_5.1p1 Debian-5ubuntu1, OpenSSL 0.9.8g 19 Oct 2007

Server A and Server B have the same /etc/ssh/sshd_config:

    RSAAuthentication yes
    PubkeyAuthentication yes
    StrictModes no

I turned StrictModes to no, but every server has the same permissions on user's .ssh folder and .ssh/authorized_keys file. authorized_keys is the same on Server A and Server B.

So, I am able to connect with public key from Client machine to Server A, but I can't connect to Server B.

I run ssh client and sshd on Server B in debug mode, please find logs attached. Most important strings from auth.log:

...
Apr 16 20:58:47 ubuntu sshd[21728]: debug3: mm_request_receive entering
Apr 16 20:58:47 ubuntu sshd[21728]: debug3: monitor_read: checking request 21
Apr 16 20:58:47 ubuntu sshd[21728]: debug3: mm_answer_keyallowed entering
Apr 16 20:58:47 ubuntu sshd[21728]: debug3: mm_answer_keyallowed: key_from_blob: 0xb9084978
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: trying public key file /home/sasha/.ssh/authorized_keys
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: restore_uid: 0/0
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: trying public key file /home/sasha/.ssh/authorized_keys2
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: restore_uid: 0/0
Apr 16 20:58:47 ubuntu sshd[21728]: Failed publickey for sasha from 10.0.0.11 port 51194 ssh2
Apr 16 20:58:47 ubuntu sshd[21728]: debug3: mm_answer_keyallowed: key 0xb9084978 is not allowed
...

___
Mailing list: https://launchpad.net/~ecryptfs
Post to     : ecryptfs@lists.launchpad.net
Unsubscribe : https://launchpad.net/~ecryptfs
More help   : https://help.launchpad.net/ListHelp

[Ecryptfs] [Bug 363876] Re: ecryptfs create Private dir with wrong permissions
jaunty RC

--
ecryptfs create Private dir with wrong permissions
https://bugs.launchpad.net/bugs/363876

Status in “ecryptfs-utils” source package in Ubuntu: New

Bug description:
Binary package hint: ecryptfs-utils

I issued:
$ sudo aptitude install ecryptfs-utils
$ ecryptfs-setup-private

I got:
Private dir had permissions dr-x--, i.e. it was 500, not 700
besides that, mount didn't report any dir Private mounted

[Ecryptfs] [Bug 363876] [NEW] ecryptfs create Private dir with wrong permissions
Public bug reported:

Binary package hint: ecryptfs-utils

I issued:
$ sudo aptitude install ecryptfs-utils
$ ecryptfs-setup-private

I got:
Private dir had permissions dr-x--, i.e. it was 500, not 700
besides that, mount didn't report any dir Private mounted

** Affects: ecryptfs-utils (Ubuntu)
     Importance: Undecided
         Status: New

--
ecryptfs create Private dir with wrong permissions
https://bugs.launchpad.net/bugs/363876

Status in “ecryptfs-utils” source package in Ubuntu: New

[Ecryptfs] [Bug 363876] Re: ecryptfs create Private dir with wrong permissions
This is by design, not a bug.

When the private directory is not mounted, the permissions are 500 so that you don't inadvertently write data to the unencrypted mountpoint. Once it's mounted, then the permissions will be 700.

Did you log out and log back in to see if the automount takes place?

:-Dustin

** Changed in: ecryptfs-utils (Ubuntu)
       Status: New => Invalid

--
ecryptfs create Private dir with wrong permissions
https://bugs.launchpad.net/bugs/363876

Status in “ecryptfs-utils” source package in Ubuntu: Invalid

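The permission scheme described in the reply above (500 while the Private directory is unmounted, 700 once it is mounted) can be checked with a small script. This is an added example, not part of the thread or of ecryptfs-utils; the function name private_dir_state is hypothetical, and it assumes GNU stat and that the mount appears in /proc/mounts with filesystem type "ecryptfs".

```shell
#!/bin/sh
# Added example (not from ecryptfs-utils): classify an eCryptfs Private
# mount point by combining its mount state with its permission bits.
#
# Usage: private_dir_state DIR [MOUNTS_FILE]
#   DIR          mount point to inspect, e.g. "$HOME/Private"
#   MOUNTS_FILE  defaults to /proc/mounts; a constructed file may be passed
#                so the check can be exercised without a real mount.
# Assumption: DIR contains no whitespace (/proc/mounts escapes spaces as \040).
private_dir_state() {
    dir=$1
    mounts=${2:-/proc/mounts}

    [ -d "$dir" ] || { echo "missing"; return 2; }

    # Octal permission bits of the directory as currently visible.
    mode=$(stat -c '%a' "$dir") || return 2

    # /proc/mounts fields: device mountpoint fstype options dump pass
    if awk -v d="$dir" \
        '$2 == d && $3 == "ecryptfs" { found = 1 } END { exit !found }' \
        "$mounts"
    then
        mounted=yes
    else
        mounted=no
    fi

    case "$mounted:$mode" in
        # Mounted: the decrypted view is expected to be owner-writable.
        yes:700) echo "mounted-ok" ;;
        # Unmounted: read-only mount point, so cleartext cannot be
        # written to the underlying directory by accident.
        no:500)  echo "unmounted-ok" ;;
        yes:*)   echo "mounted-unexpected-mode-$mode"; return 1 ;;
        no:*)    echo "unmounted-unexpected-mode-$mode"; return 1 ;;
    esac
}
```

A result of unmounted-unexpected-mode-700 is the case the 500 default guards against: files saved there would land unencrypted on the underlying filesystem.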
Re: [Ecryptfs] [Bug 362427] Re: Public key ssh auth doesn't work with my Encrypted Home Directory
On Sun, Apr 19, 2009 at 2:34 PM, Alexander Kraev alexander.kr...@gmail.com wrote:
> The workaround works. Could you please give me a link to a good description of
> private directory's encryption in Ubuntu, internals and so on.

http://blog.dustinkirkland.com/2009/02/how-encrypted-home-ecryptfs-works.html

:-Dustin

--
Public key ssh auth doesn't work with my Encrypted Home Directory
https://bugs.launchpad.net/bugs/362427

Status in eCryptfs - Enterprise Cryptographic Filesystem: Invalid
Status in “ecryptfs-utils” source package in Ubuntu: Invalid
Status in “openssh” source package in Ubuntu: Invalid