Ubuntu – Passwordless SSH only works when I’m already logged in on SSH


So I set up passwordless ssh using the following: How can I set up password-less SSH login?

After setting this up, I'd expect that I wouldn't need a password to ssh. My issue is that on my first connection to ssh, it will ask me for a password, but additional sessions on top of that will not ask for a password.

I've already checked my sshd_config to make sure that it contains:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile  %h/.ssh/authorized_keys

Pretty sure my permissions are right, because if they weren't then passwordless ssh wouldn't be working at all.

To add more "fun" to this problem, I noticed that when I restart my computer (either the client computer or the ssh server computer), sometimes it will work. Then when I shut down the computer and try it again the next day, it doesn't work anymore. Maybe this is completely random, but it's something I've noticed.

Best Answer

This is a common issue with encrypted home directories and has been answered many times, for example on Unix, and it is even covered in the official Ubuntu documentation.

This is probably caused by the fact that your home directory (and therefore the key) is not accessible at login time. This can happen because your home is mounted from a network drive (on a shared system) after login, or because your home directory is encrypted (usually on workstation installs).

Solving this is complicated, but I will have a look for some discussion. The solution is to move the AuthorizedKeysFile to some other place that will be accessible, or use a global store for keys (/etc/security/authorized_keys), or some kind of SSO management system (IPA, LDAP), which will get your key from a directory server (yes, it can be local). It depends on how much control of the target system you have.

Probably the best solution is to store your keys in another place, changing the value in sshd_config:

AuthorizedKeysFile /etc/ssh/%u/authorized_keys

Anyway, if you move your authorized_keys, make sure they have proper permissions, and keep in mind that if you log in using a public key, you will not be able to access your home directory (it is encrypted with your password!) unless you change the way it is encrypted.
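
The relocation described in the answer above, as an added shell example that is not part of the original answer: it copies a user's authorized_keys into the `/etc/ssh/%u/authorized_keys` layout and checks for the group/world-writable permissions that sshd's StrictModes rejects. `KEYS_ROOT` and the function names are assumptions introduced here.

```shell
#!/usr/bin/env bash
# Added example, not from the original answer.
# Assumes sshd_config contains: AuthorizedKeysFile /etc/ssh/%u/authorized_keys
# KEYS_ROOT (hypothetical variable) stands in for /etc/ssh so the functions
# can be tried in a scratch directory first.
KEYS_ROOT="${KEYS_ROOT:-/etc/ssh}"

# Succeeds (0) if the path is writable by group or others.
loose_perms() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Copy a user's authorized_keys out of the home directory into KEYS_ROOT/<user>/.
install_keys() {
    local user="$1" src="$2" dir="$KEYS_ROOT/$1"
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    mkdir -p "$dir" || return 1
    chmod 755 "$dir"
    # install(1) sets the mode while copying, so the file is never left looser.
    install -m 644 "$src" "$dir/authorized_keys" || return 1
    # Ownership can only be handed to the user when running as root.
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "$user" "$dir" || return 1
    fi
}

# Report problems that would make sshd ignore the relocated key file.
check_keys() {
    local dir="$KEYS_ROOT/$1" rc=0 p
    local file="$dir/authorized_keys"
    [ -s "$file" ] || { echo "missing or empty: $file"; return 1; }
    for p in "$dir" "$file"; do
        if loose_perms "$p"; then
            echo "group/world writable: $p"
            rc=1
        fi
    done
    return $rc
}
```

Run `install_keys` as root for each account while that user's home is mounted, then reload sshd after changing `AuthorizedKeysFile`.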