13 April 2016

On ecryptfs and ssh public key authentication.

I'm using an Ubuntu (not by choice, mind you) box to compile stuff on, which I've set up with ecryptfs to encrypt my user's home directory.
It's a headless box so most of the stuff I do on it is over SSH and I've been really annoyed to learn ecryptfs, by default,  auto-unmounts the user's home directly every time the SSH session disconnects.
Why, you ask? Because it breaks public key authentication aka 'passwordless login'.
Turns out ecryptfs, by default, needs the user's login password to decrypt the volume, which it then mounts so all is good as long as one's using a password based login procedure.
Anyways: a reasonable workaround (as there's no fixing this design issue), as long as the box doesn't shutdown too often, that is, is to not allow the volume to unmount every time the working session is closed:

  • Supply the password once over SSH, which auto-mounts the volume
  • Remove the ~/.ecryptfs/auto-umount file
  • Done

No comments:

Post a Comment