The default install does not allow you to ssh in with a private/public key pair, because your keys are encrypted along with everything else in your home directory. The workaround is to provide a plain-text copy of authorized_keys in your encrypted directory. This works, but you have to remember to type
ecryptfs-mount-private
when you ssh in. I use another workaround for this. Create .profile in the encrypted directory and add two lines
ecryptfs-mount-private
source ~/.profile
to the .profile file. I now only have to enter my normal user password after sshing in. After typing cd I am in my un-encrypted home directory. Also my .profile and .bashrc get sourced.
To copy authorized_keys from the un-encrypted directory to the encrypted one, it is necessary to first copy it somewhere else, like /tmp, then unmount the un-encrypted directory and sudo mv it back to the encrypted directory. This is because the un-encrypted directory is mounted on top of the encrypted directory. You also create the short .profile file with sudo for the same reason. Remember, the encrypted directory is owned by root though the files in it are owned by you. After copying the file to /tmp, unmount the un-encrypted directory with
ecryptfs-umount-private
then cd to go to your encrypted directory and sudo mv the file
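# Save a copy of the key file while the home directory is still decrypted
$ cp -a .ssh/authorized_keys /tmp
$ ecryptfs-umount-private
$ cd
# Now in the encrypted directory; it is not writable by you, so use sudo
$ sudo mkdir .ssh
$ sudo chmod 700 .ssh
# me:me stands for your own user and group
$ sudo chown me:me .ssh
$ sudo mv /tmp/authorized_keys .ssh/
# A plain > redirect would run without sudo and fail here, so write through sudo tee
$ echo ecryptfs-mount-private | sudo tee .profile > /dev/null
$ echo 'source ~/.profile' | sudo tee -a .profile > /dev/null
$ sudo chown me:me .profile
$ sudo chmod 400 .profile .ssh/authorized_keys
$ exit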
Now log back in, or ssh to the box.
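A guarded form of the stub .profile described above, as an added example that is not from the original page: it sources the real ~/.profile only after confirming an ecryptfs mount at $HOME, so a failed ecryptfs-mount-private does not leave the stub sourcing itself. The function names and the sample mounts table are made up for illustration, and it assumes the decrypted home is mounted exactly at $HOME.

```shell
#!/bin/sh
# Added example: guarded variant of the two-line stub .profile.
# Assumption: the decrypted home is an ecryptfs mount located exactly at $HOME.

# is_ecryptfs_mounted DIR [MOUNTS_FILE]
# Returns 0 when MOUNTS_FILE (default /proc/mounts) lists an ecryptfs
# filesystem mounted at DIR. Paths containing spaces appear escaped as \040
# in /proc/mounts and are not handled here.
is_ecryptfs_mounted() {
    dir=$1
    mounts=${2:-/proc/mounts}
    # Fields: device mountpoint fstype options dump pass
    while read -r _dev mnt fstype _rest; do
        if [ "$mnt" = "$dir" ] && [ "$fstype" = "ecryptfs" ]; then
            return 0
        fi
    done < "$mounts"
    return 1
}

# mount_then_source (hypothetical helper name)
# Mounts the private directory if needed, then sources the real ~/.profile
# only once the mount is confirmed, so a failed mount cannot make the stub
# source itself again.
mount_then_source() {
    if ! is_ecryptfs_mounted "$HOME"; then
        ecryptfs-mount-private || return 1
    fi
    if ! is_ecryptfs_mounted "$HOME"; then
        echo "home is still encrypted; skipping ~/.profile" >&2
        return 1
    fi
    . "$HOME/.profile"
}

# Constructed sample of a mounts table for user "me", used for offline checks.
sample_mounts() {
    cat <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,relatime 0 0
/home/.ecryptfs/me/.Private /home/me ecryptfs rw,nosuid,nodev,relatime 0 0
EOF
}

# In the stub .profile, the last line would be:
# mount_then_source
```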
If you didn't elect to encrypt your home directory at install time, you can do it now:
sudo apt-get install ecryptfs-utils
sudo ecryptfs-migrate-home -u username
If you forget your passphrase:
ecryptfs-unwrap-passphrase
First created Mar 11, 2011 ~ Last revised February 21, 2012