[Ecryptfs] [Bug 364015] Re: Support a wrapped-passphrase.ssh, wrapped with an ssh private key
Hello- I've spent quite a bit of time on this, and I really don't think this can be solved properly. If you can engineer a design that works, I'm all ears. Thanks. :-Dustin ** Changed in: ecryptfs-utils (Ubuntu) Status: Confirmed = Won't Fix ** Changed in: ecryptfs Status: Confirmed = Won't Fix -- Support a wrapped-passphrase.ssh, wrapped with an ssh private key https://bugs.launchpad.net/bugs/364015 You received this bug notification because you are a member of eCryptfs, which is subscribed to ecryptfs-utils in ubuntu. Status in eCryptfs - Enterprise Cryptographic Filesystem: Won't Fix Status in “ecryptfs-utils” package in Ubuntu: Won't Fix Bug description: I had a problem with ssh public key auth and encrypted home directory in Jaunty. I fixed the issue by workaround provided by Dustin Kirkland: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/362427 But after reboot auto mount of encrypted home directory has stopped to work. There is only one error string in auth.log: Mount of private directory return code [256] At the same time I am able to mount home directory manually through ecryptfs-mount-private command. But /sbin/mount.ecryptfs_private shows me the following: keyctl_search: Required key not available Perhaps try the interactive 'ecryptfs-mount-private' ... looks like pam_ecryptfs is not able to read ~/.ecryptfs/wrapped-passphrase ___ Mailing list: https://launchpad.net/~ecryptfs Post to : ecryptfs@lists.launchpad.net Unsubscribe : https://launchpad.net/~ecryptfs More help : https://help.launchpad.net/ListHelp
[Ecryptfs] [Bug 364015] Re: Support a wrapped-passphrase.ssh, wrapped with an ssh private key
Hi Dustin, Thanks a lot for explanation. Unfortunately such kind of home directory encryption doesn't suit my needs. So, I have encrypted home directory and I able to mount it only with login passphrase our mount it manually in case of public key auth. In the last case I have to mount directory every time after ssh login. Is there any way to mount encrypted home directory manually only once(on server restart)? -- Support a wrapped-passphrase.ssh, wrapped with an ssh private key https://bugs.launchpad.net/bugs/364015 You received this bug notification because you are a member of eCryptfs, which is subscribed to ecryptfs-utils in ubuntu. Status in eCryptfs - Enterprise Cryptographic Filesystem: Confirmed Status in “ecryptfs-utils” source package in Ubuntu: Confirmed Bug description: I had a problem with ssh public key auth and encrypted home directory in Jaunty. I fixed the issue by workaround provided by Dustin Kirkland: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/362427 But after reboot auto mount of encrypted home directory has stopped to work. There is only one error string in auth.log: Mount of private directory return code [256] At the same time I am able to mount home directory manually through ecryptfs-mount-private command. But /sbin/mount.ecryptfs_private shows me the following: keyctl_search: Required key not available Perhaps try the interactive 'ecryptfs-mount-private' ... looks like pam_ecryptfs is not able to read ~/.ecryptfs/wrapped-passphrase ___ Mailing list: https://launchpad.net/~ecryptfs Post to : ecryptfs@lists.launchpad.net Unsubscribe : https://launchpad.net/~ecryptfs More help : https://help.launchpad.net/ListHelp
Re: [Ecryptfs] [Bug 364015] Re: Support a wrapped-passphrase.ssh, wrapped with an ssh private key
On Tue, May 12, 2009 at 1:28 PM, Alexander Kraev alexander.kr...@gmail.com wrote: Is there any way to mount encrypted home directory manually only once(on server restart)? Yes. Remove your $HOME/.ecryptfs/auto-umount file. This will tell PAM not to unmount on logout. :-Dustin -- Support a wrapped-passphrase.ssh, wrapped with an ssh private key https://bugs.launchpad.net/bugs/364015 You received this bug notification because you are a member of eCryptfs, which is subscribed to ecryptfs-utils in ubuntu. Status in eCryptfs - Enterprise Cryptographic Filesystem: Confirmed Status in “ecryptfs-utils” source package in Ubuntu: Confirmed Bug description: I had a problem with ssh public key auth and encrypted home directory in Jaunty. I fixed the issue by workaround provided by Dustin Kirkland: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/362427 But after reboot auto mount of encrypted home directory has stopped to work. There is only one error string in auth.log: Mount of private directory return code [256] At the same time I am able to mount home directory manually through ecryptfs-mount-private command. But /sbin/mount.ecryptfs_private shows me the following: keyctl_search: Required key not available Perhaps try the interactive 'ecryptfs-mount-private' ... looks like pam_ecryptfs is not able to read ~/.ecryptfs/wrapped-passphrase ___ Mailing list: https://launchpad.net/~ecryptfs Post to : ecryptfs@lists.launchpad.net Unsubscribe : https://launchpad.net/~ecryptfs More help : https://help.launchpad.net/ListHelp
[Ecryptfs] [Bug 364015] Re: Support a wrapped-passphrase.ssh, wrapped with an ssh private key
Having talked to Colin Watson, this is actually quite a complicated request. When doing ssh authentication, your private ssh key is not actually sent to the host system. Instead, the client signs a message with the private key, and sends this to the server, which authenticates the message using the public key. As such, this might require some ssh protocol extension to solve. :-Dustin -- Support a wrapped-passphrase.ssh, wrapped with an ssh private key https://bugs.launchpad.net/bugs/364015 You received this bug notification because you are a member of eCryptfs, which is subscribed to ecryptfs-utils in ubuntu. Status in eCryptfs - Enterprise Cryptographic Filesystem: Confirmed Status in “ecryptfs-utils” source package in Ubuntu: Confirmed Bug description: I had a problem with ssh public key auth and encrypted home directory in Jaunty. I fixed the issue by workaround provided by Dustin Kirkland: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/362427 But after reboot auto mount of encrypted home directory has stopped to work. There is only one error string in auth.log: Mount of private directory return code [256] At the same time I am able to mount home directory manually through ecryptfs-mount-private command. But /sbin/mount.ecryptfs_private shows me the following: keyctl_search: Required key not available Perhaps try the interactive 'ecryptfs-mount-private' ... looks like pam_ecryptfs is not able to read ~/.ecryptfs/wrapped-passphrase ___ Mailing list: https://launchpad.net/~ecryptfs Post to : ecryptfs@lists.launchpad.net Unsubscribe : https://launchpad.net/~ecryptfs More help : https://help.launchpad.net/ListHelp
[Ecryptfs] [Bug 364015] Re: Support a wrapped-passphrase.ssh, wrapped with an ssh private key
** Summary changed: - Auto mount of encrypted home directory RANDOMLY stops to work + Support a wrapped-passphrase.ssh, wrapped with an ssh private key ** Changed in: ecryptfs Importance: Low = Wishlist ** Changed in: ecryptfs Status: Incomplete = Confirmed ** Changed in: ecryptfs-utils (Ubuntu) Importance: Medium = Wishlist ** Changed in: ecryptfs-utils (Ubuntu) Status: Incomplete = Confirmed -- Support a wrapped-passphrase.ssh, wrapped with an ssh private key https://bugs.launchpad.net/bugs/364015 You received this bug notification because you are a member of eCryptfs, which is subscribed to ecryptfs-utils in ubuntu. Status in eCryptfs - Enterprise Cryptographic Filesystem: Confirmed Status in “ecryptfs-utils” source package in Ubuntu: Confirmed Bug description: I had a problem with ssh public key auth and encrypted home directory in Jaunty. I fixed the issue by workaround provided by Dustin Kirkland: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/362427 But after reboot auto mount of encrypted home directory has stopped to work. There is only one error string in auth.log: Mount of private directory return code [256] At the same time I am able to mount home directory manually through ecryptfs-mount-private command. But /sbin/mount.ecryptfs_private shows me the following: keyctl_search: Required key not available Perhaps try the interactive 'ecryptfs-mount-private' ... looks like pam_ecryptfs is not able to read ~/.ecryptfs/wrapped-passphrase ___ Mailing list: https://launchpad.net/~ecryptfs Post to : ecryptfs@lists.launchpad.net Unsubscribe : https://launchpad.net/~ecryptfs More help : https://help.launchpad.net/ListHelp
