[Bug 362427] Re: Public key ssh auth doesn't work with my Encrypted Home Directory

Florian Rathgeber 362427 at bugs.launchpad.net
Sat Aug 11 14:37:22 UTC 2012 

I don't think the workaround in #12 is practically useful unless you
want to disallow password-based logins. The password is needed anyway to
unlock the ecryptfs key, so imho typing it in once on first login is way
easier than authenticating via public key and then manually unlocking
the encrypted home. Especially since key based authentication works fine
on subsequent sessions i.e. if the user is already logged in at least
once and the home directory is therefore unlocked.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/362427

Title:
  Public key ssh auth doesn't work with my Encrypted Home Directory

Status in eCryptfs:
  Invalid
Status in “ecryptfs-utils” package in Ubuntu:
  Invalid
Status in “openssh” package in Ubuntu:
  Invalid

Bug description:
  Spent all night to understand why public key ssh auth doesn't work. It
  seems to me that issue only affects Jaunty. Please have a look at the
  details below.

  So, the configuration is:

  1. Client
  - lsb_release: Ubuntu 8.10 intrepid
  - ssh-client: OpenSSH_5.1p1 Debian-3ubuntu1, OpenSSL 0.9.8g 19 Oct 2007

  2. Server A
  - lsb_release: Ubuntu 8.04.2 hardy
  - sshd: OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007

  3. Server B
  - lsb_release: Ubuntu 9.04 jaunty
  - sshd: OpenSSH_5.1p1 Debian-5ubuntu1, OpenSSL 0.9.8g 19 Oct 2007

  Server A and Server B have the same /etc/ssh/sshd_config:
  RSAAuthentication yes
  PubkeyAuthentication yes
  StrictModes no

  I turned StrictModes to "no", but every server has the same
  permissions on user's .ssh folder and .ssh/authorized_keys file.
  authorized_keys is the same on Server A and Server B.

  So, I am able to connect with public key from Client machine to Server
  A, but I can't connect to Server B.

  I run ssh client and sshd on Server B in debug mode, please find logs
  attached.

  Most important strings from auth.log:

  ...
  Apr 16 20:58:47 ubuntu sshd[21728]: debug3: mm_request_receive entering
  Apr 16 20:58:47 ubuntu sshd[21728]: debug3: monitor_read: checking request 21
  Apr 16 20:58:47 ubuntu sshd[21728]: debug3: mm_answer_keyallowed entering
  Apr 16 20:58:47 ubuntu sshd[21728]: debug3: mm_answer_keyallowed: key_from_blob: 0xb9084978
  Apr 16 20:58:47 ubuntu sshd[21728]: debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
  Apr 16 20:58:47 ubuntu sshd[21728]: debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
  Apr 16 20:58:47 ubuntu sshd[21728]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
  Apr 16 20:58:47 ubuntu sshd[21728]: debug1: trying public key file /home/sasha/.ssh/authorized_keys
  Apr 16 20:58:47 ubuntu sshd[21728]: debug1: restore_uid: 0/0
  Apr 16 20:58:47 ubuntu sshd[21728]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
  Apr 16 20:58:47 ubuntu sshd[21728]: debug1: trying public key file /home/sasha/.ssh/authorized_keys2
  Apr 16 20:58:47 ubuntu sshd[21728]: debug1: restore_uid: 0/0
  Apr 16 20:58:47 ubuntu sshd[21728]: Failed publickey for sasha from 10.0.0.11 port 51194 ssh2
  Apr 16 20:58:47 ubuntu sshd[21728]: debug3: mm_answer_keyallowed: key 0xb9084978 is not allowed
  ...

To manage notifications about this bug go to:
https://bugs.launchpad.net/ecryptfs/+bug/362427/+subscriptions

More information about the foundations-bugs mailing list