[Ecryptfs] [Bug 364015] Re: Auto mount of encrypted home directory RANDOMLY stops to work
Okay, I finally have my head wrapped around this bug. So here's the deal... To mount your home directory, you *must* provide your login passphrase at some point, because this passphrase is used unwrap your wrapped- passphrase file. This is what you're doing when you run sudo. Sudo prompts you for your passphrase, which walks the pam stack and mounts your home directory. I'm going to update the title of this bug. What you're really asking for, is to have a second wrapped-passphrase file, perhaps called ~/.ecryptfs/wrapped-passphrase.ssh, which is wrapped with your ssh private key instead of your system login passphrase. I am going to need to study the implementation of pam_ssh and authorized_keys... Thanks for the report and research. :-Dustin -- Support a wrapped-passphrase.ssh, wrapped with an ssh private key https://bugs.launchpad.net/bugs/364015 You received this bug notification because you are a member of eCryptfs, which is subscribed to ecryptfs-utils in ubuntu. Status in eCryptfs - Enterprise Cryptographic Filesystem: Confirmed Status in “ecryptfs-utils” source package in Ubuntu: Incomplete Bug description: I had a problem with ssh public key auth and encrypted home directory in Jaunty. I fixed the issue by workaround provided by Dustin Kirkland: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/362427 But after reboot auto mount of encrypted home directory has stopped to work. There is only one error string in auth.log: Mount of private directory return code [256] At the same time I am able to mount home directory manually through ecryptfs-mount-private command. But /sbin/mount.ecryptfs_private shows me the following: keyctl_search: Required key not available Perhaps try the interactive 'ecryptfs-mount-private' ... looks like pam_ecryptfs is not able to read ~/.ecryptfs/wrapped-passphrase ___ Mailing list: https://launchpad.net/~ecryptfs Post to : ecryptfs@lists.launchpad.net Unsubscribe : https://launchpad.net/~ecryptfs More help : https://help.launchpad.net/ListHelp
[Ecryptfs] [Bug 364015] Re: Auto mount of encrypted home directory RANDOMLY stops to work
Just tried with sudo echo hello, it allows me to log in on the next time with mounted home directory. I don't know does it matter or not, but I use screen. Just for note. -- Auto mount of encrypted home directory RANDOMLY stops to work https://bugs.launchpad.net/bugs/364015 You received this bug notification because you are a member of eCryptfs, which is subscribed to ecryptfs-utils in ubuntu. Status in eCryptfs - Enterprise Cryptographic Filesystem: Incomplete Status in “ecryptfs-utils” source package in Ubuntu: Incomplete Bug description: I had a problem with ssh public key auth and encrypted home directory in Jaunty. I fixed the issue by workaround provided by Dustin Kirkland: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/362427 But after reboot auto mount of encrypted home directory has stopped to work. There is only one error string in auth.log: Mount of private directory return code [256] At the same time I am able to mount home directory manually through ecryptfs-mount-private command. But /sbin/mount.ecryptfs_private shows me the following: keyctl_search: Required key not available Perhaps try the interactive 'ecryptfs-mount-private' ... looks like pam_ecryptfs is not able to read ~/.ecryptfs/wrapped-passphrase ___ Mailing list: https://launchpad.net/~ecryptfs Post to : ecryptfs@lists.launchpad.net Unsubscribe : https://launchpad.net/~ecryptfs More help : https://help.launchpad.net/ListHelp
[Ecryptfs] [Bug 364015] Re: Auto mount of encrypted home directory RANDOMLY stops to work
;-) https://bugs.launchpad.net/ecryptfs/+bug/367804 -- Auto mount of encrypted home directory RANDOMLY stops to work https://bugs.launchpad.net/bugs/364015 You received this bug notification because you are a member of eCryptfs, which is subscribed to ecryptfs-utils in ubuntu. Status in eCryptfs - Enterprise Cryptographic Filesystem: Incomplete Status in “ecryptfs-utils” source package in Ubuntu: Incomplete Bug description: I had a problem with ssh public key auth and encrypted home directory in Jaunty. I fixed the issue by workaround provided by Dustin Kirkland: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/362427 But after reboot auto mount of encrypted home directory has stopped to work. There is only one error string in auth.log: Mount of private directory return code [256] At the same time I am able to mount home directory manually through ecryptfs-mount-private command. But /sbin/mount.ecryptfs_private shows me the following: keyctl_search: Required key not available Perhaps try the interactive 'ecryptfs-mount-private' ... looks like pam_ecryptfs is not able to read ~/.ecryptfs/wrapped-passphrase ___ Mailing list: https://launchpad.net/~ecryptfs Post to : ecryptfs@lists.launchpad.net Unsubscribe : https://launchpad.net/~ecryptfs More help : https://help.launchpad.net/ListHelp
[Ecryptfs] [Bug 364015] Re: Auto mount of encrypted home directory RANDOMLY stops to work
Hi Dustin, Just checked - there is only one authorized_keys, it is in unencrypted mountpoint. I am not sure that I understood you well, but just checked the symlink to ~/.ecryptfs, it exists in both encrypted and unencrypted mountpoints, but it doesn't contain authorized_keys in both cases. -- Auto mount of encrypted home directory RANDOMLY stops to work https://bugs.launchpad.net/bugs/364015 You received this bug notification because you are a member of eCryptfs, which is subscribed to ecryptfs-utils in ubuntu. Status in eCryptfs - Enterprise Cryptographic Filesystem: Incomplete Status in “ecryptfs-utils” source package in Ubuntu: Incomplete Bug description: I had a problem with ssh public key auth and encrypted home directory in Jaunty. I fixed the issue by workaround provided by Dustin Kirkland: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/362427 But after reboot auto mount of encrypted home directory has stopped to work. There is only one error string in auth.log: Mount of private directory return code [256] At the same time I am able to mount home directory manually through ecryptfs-mount-private command. But /sbin/mount.ecryptfs_private shows me the following: keyctl_search: Required key not available Perhaps try the interactive 'ecryptfs-mount-private' ... looks like pam_ecryptfs is not able to read ~/.ecryptfs/wrapped-passphrase ___ Mailing list: https://launchpad.net/~ecryptfs Post to : ecryptfs@lists.launchpad.net Unsubscribe : https://launchpad.net/~ecryptfs More help : https://help.launchpad.net/ListHelp
Re: [Ecryptfs] [Bug 364015] Re: Auto mount of encrypted home directory RANDOMLY stops to work
Okay, I don't think you understood me very well... Do this ... Put a single, unencrypted copy of authorized_keys in /var/lib/ecryptfs/$USER Now, symlink to that file from two locations... When your $HOME is created, do: $ ln -s /var/lib/ecryptfs/$USER/authorized_keys $HOME/.ssh And the do the same when it's not mounted. :-Dustin -- Auto mount of encrypted home directory RANDOMLY stops to work https://bugs.launchpad.net/bugs/364015 You received this bug notification because you are a member of eCryptfs, which is subscribed to ecryptfs-utils in ubuntu. Status in eCryptfs - Enterprise Cryptographic Filesystem: Incomplete Status in “ecryptfs-utils” source package in Ubuntu: Incomplete Bug description: I had a problem with ssh public key auth and encrypted home directory in Jaunty. I fixed the issue by workaround provided by Dustin Kirkland: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/362427 But after reboot auto mount of encrypted home directory has stopped to work. There is only one error string in auth.log: Mount of private directory return code [256] At the same time I am able to mount home directory manually through ecryptfs-mount-private command. But /sbin/mount.ecryptfs_private shows me the following: keyctl_search: Required key not available Perhaps try the interactive 'ecryptfs-mount-private' ... looks like pam_ecryptfs is not able to read ~/.ecryptfs/wrapped-passphrase ___ Mailing list: https://launchpad.net/~ecryptfs Post to : ecryptfs@lists.launchpad.net Unsubscribe : https://launchpad.net/~ecryptfs More help : https://help.launchpad.net/ListHelp
Re: [Ecryptfs] [Bug 364015] Re: Auto mount of encrypted home directory RANDOMLY stops to work
Alexander- Do you have your authorized_keys file available in plaintext in both your encrypted and unencrypted mountpoints? For a hint, take a look at how your ~/.ecryptfs works. It's a symlink in both places--mounted and unmounted home dir. Both symlink point to /var/lib/ecryptfs/$USER. You should, perhaps, put all or some of your .ssh configuration in there, and establish symlinks back. Can you try that and let us know how it works? Others- If you're having trouble with pam_ecryptfs + pam_ssh, please open a new bug, as this is NOT the same issue that Alexander reported. Thanks. :-Dustin ___ Mailing list: https://launchpad.net/~ecryptfs Post to : ecryptfs@lists.launchpad.net Unsubscribe : https://launchpad.net/~ecryptfs More help : https://help.launchpad.net/ListHelp
[Ecryptfs] [Bug 364015] Re: Auto mount of encrypted home directory RANDOMLY stops to work
Hmm, okay, I'm unfamiliar with pam_ssh. Please help me understand... What are you trying to accomplish with this pam-ssh package? Your home (or private) directory is encrypted with a mount passphrase. This mount passphrase is symmetrically encrypted (wrapped) with your system login passphrase. In order to automatically mount your home (or private) directory, you must enter your system login passphrase, such that pam_ecryptfs can unwrap ~/.ecryptfs/wrapped-passphrase, obtain your mount passphrase, add that to your kernel keyring, and then perform the mount. It's possible that this pam-ssh feature is incompatible with encrypted- home/encrypted-private. If so, we should document this as such. Can you please provide more information? :-Dustin ** Changed in: ecryptfs Importance: Undecided = Low ** Changed in: ecryptfs Status: New = Incomplete ** Package changed: ubuntu = ecryptfs-utils (Ubuntu) ** Changed in: ecryptfs-utils (Ubuntu) Importance: Undecided = Medium ** Changed in: ecryptfs-utils (Ubuntu) Status: New = Incomplete -- Auto mount of encrypted home directory RANDOMLY stops to work https://bugs.launchpad.net/bugs/364015 You received this bug notification because you are a member of eCryptfs, which is subscribed to ecryptfs-utils in ubuntu. Status in eCryptfs - Enterprise Cryptographic Filesystem: Incomplete Status in “ecryptfs-utils” source package in Ubuntu: Incomplete Bug description: I had a problem with ssh public key auth and encrypted home directory in Jaunty. I fixed the issue by workaround provided by Dustin Kirkland: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/362427 But after reboot auto mount of encrypted home directory has stopped to work. There is only one error string in auth.log: Mount of private directory return code [256] At the same time I am able to mount home directory manually through ecryptfs-mount-private command. But /sbin/mount.ecryptfs_private shows me the following: keyctl_search: Required key not available Perhaps try the interactive 'ecryptfs-mount-private' ... looks like pam_ecryptfs is not able to read ~/.ecryptfs/wrapped-passphrase ___ Mailing list: https://launchpad.net/~ecryptfs Post to : ecryptfs@lists.launchpad.net Unsubscribe : https://launchpad.net/~ecryptfs More help : https://help.launchpad.net/ListHelp
[Ecryptfs] [Bug 364015] Re: Auto mount of encrypted home directory RANDOMLY stops to work
Hi Dustin, I am creator of this bug ;) As for me I do not use libpam-ssh. I just have a fresh installation of 9.04 and I use workaround provided by you to have ssh public key auth working. It works randomly, sometime I need to restart ssh and log in again to have encrypted home dir mounted. I am also able to mount home dir through ecryptfs-mount-private. -- Auto mount of encrypted home directory RANDOMLY stops to work https://bugs.launchpad.net/bugs/364015 You received this bug notification because you are a member of eCryptfs, which is subscribed to ecryptfs-utils in ubuntu. Status in eCryptfs - Enterprise Cryptographic Filesystem: Incomplete Status in “ecryptfs-utils” source package in Ubuntu: Incomplete Bug description: I had a problem with ssh public key auth and encrypted home directory in Jaunty. I fixed the issue by workaround provided by Dustin Kirkland: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/362427 But after reboot auto mount of encrypted home directory has stopped to work. There is only one error string in auth.log: Mount of private directory return code [256] At the same time I am able to mount home directory manually through ecryptfs-mount-private command. But /sbin/mount.ecryptfs_private shows me the following: keyctl_search: Required key not available Perhaps try the interactive 'ecryptfs-mount-private' ... looks like pam_ecryptfs is not able to read ~/.ecryptfs/wrapped-passphrase ___ Mailing list: https://launchpad.net/~ecryptfs Post to : ecryptfs@lists.launchpad.net Unsubscribe : https://launchpad.net/~ecryptfs More help : https://help.launchpad.net/ListHelp
