SSH public keys not working; the home directory is encrypted

Tags: ecryptfs, home, public-key-authentication, ssh

I installed Ubuntu LTS 14.04 server edition on a remote computer, and added my local public key to ~/.ssh/authorized_keys on the remote computer. I found that I still needed to use a password to log in to the remote computer, even after setting the permission of ~/.ssh to 700, and ~/.ssh/* to 600 on the remote computer. However, once I log in, I can start using the public key for authorization for other ssh sessions.

My home directory is encrypted.

How can I fix this?

Best Answer

Here is the solution from the link I posted in my comment. This comes from here, which references this superuser post.

Create .ssh folder in /home for the keys to be stored

sudo mkdir /home/.ssh

Move existing authorized_keys file into .ssh dir as username

sudo mv ~/.ssh/authorized_keys /home/.ssh/username

Create symbolic link to authorized_keys file in user .ssh dir

ln -s /home/.ssh/username ~/.ssh/authorized_keys

Update sshd_config file to set the new path for the authorized_keys file

sudo vim /etc/ssh/sshd_config

Change the AuthorizedKeysFile line to:

AuthorizedKeysFile      /home/.ssh/%u

Reboot the computer

sudo shutdown -r now

Log in to your server and you should be presented with a minimal un-decrypted home directory... You will need to create and edit a .profile file in there to get ecryptfs to mount your home directory.

sudo vim ~/.profile

Add these lines:

ecryptfs-mount-private
cd /home/username

Log out/Restart, and go back in again. You should be prompted for your password after SSH key auth, and then be presented with your decrypted home directory.

You should now be able to log in using SSH keys every time, no matter if your home dir is decrypted or not.
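
A check for the relocation described in the answer above, added here as an example that is not part of the original answer: it resolves the AuthorizedKeysFile path for a user and confirms the file sits outside the encrypted home with modes that StrictModes accepts. The function names are hypothetical, and the script assumes a single path on the directive line, only the %u and %h tokens, and no Match blocks.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of OpenSSH.

# Print the key file sshd would use for USER, from a sshd_config-style file.
# Simplifications: only the first path on the line, only the %u and %h
# tokens, and Match blocks are not interpreted.
resolve_keys_file() {
    cfg=$1 user=$2 home=$3
    # Keywords are case-insensitive and the first value read wins.
    keys=$(awk 'tolower($1) == "authorizedkeysfile" { print $2; exit }' "$cfg")
    # OpenSSH's default when the directive is absent or commented out.
    [ -n "$keys" ] || keys=".ssh/authorized_keys"
    keys=$(printf '%s\n' "$keys" | sed -e "s|%u|$user|g" -e "s|%h|$home|g")
    case $keys in
        /*) printf '%s\n' "$keys" ;;
        *)  printf '%s\n' "$home/$keys" ;;   # relative paths start at the home
    esac
}

# Succeed only if FILE can be read while HOME is still encrypted and
# passes the mode check that StrictModes applies.
check_keys_file() {
    file=$1 home=$2
    case $file in
        "$home"/*)
            echo "FAIL: $file is inside $home, hidden until ecryptfs mounts"
            return 1 ;;
    esac
    [ -f "$file" ] || { echo "FAIL: $file not found"; return 1; }
    # A group- or world-writable key file or containing directory is rejected.
    bad=$(find -H "$file" "$(dirname "$file")" -prune \
              \( -perm -020 -o -perm -002 \) -print)
    [ -z "$bad" ] || { echo "FAIL: writable by group/others: $bad"; return 1; }
    echo "OK: $file"
}

# Usage (as root, before rebooting):
#   f=$(resolve_keys_file /etc/ssh/sshd_config username /home/username)
#   check_keys_file "$f" /home/username
```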
