lemmster.de

Multiple locations for openssh's AuthorizedKeysFile useful in combination with encrypted home dirs (ecryptfs)

When you use disk encryption (e.g. ecryptfs) to protect the private data in your home dir, ssh pubkey authentication breaks as a side effect, and for an obvious reason: your authorized_keys file lives in ~/.ssh/, which is intentionally encrypted while you are not logged in.

A trivial change that keeps passwordless logins working is to add a second authorized_keys file location to /etc/ssh/sshd_config: add or change AuthorizedKeysFile so that it points to '%h/.ssh/authorized_keys /etc/ssh/%u/authorized_keys'. sshd then looks in ~/.ssh/ first and falls back to /etc/ssh/<username>/ if no valid authorized_keys file can be found there (make sure to chown the latter to the login user).
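The steps above as a shell sketch, added here as an example and not taken from the original post: it installs a key file at the fallback location with the ownership and modes sshd accepts, and checks that a given sshd_config lists the fallback path. The function names, the ROOT prefix, the demo user and the key string are constructed for illustration.

```shell
#!/bin/sh
# Added example. ROOT is a hypothetical prefix so the steps can be rehearsed in a
# scratch directory; leave it empty to write to the real /etc/ssh (needs root).

# install_fallback_keys USER PUBKEY_FILE [ROOT]
# Copies PUBKEY_FILE to ROOT/etc/ssh/USER/authorized_keys with the ownership and
# modes sshd's StrictModes check expects (owned by the user, no group/other write).
install_fallback_keys() {
    user=$1 src=$2 root=${3:-}
    case $user in
        ''|*/*|.*) echo "refusing user name '$user'" >&2; return 2 ;;
    esac
    dir="$root/etc/ssh/$user"
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    cat "$src" > "$dir/authorized_keys" || return 1
    chmod 600 "$dir/authorized_keys" || return 1
    # sshd reads the file as the login user, so a root-owned 0700 directory would
    # make the fallback unreadable; this is the chown the post asks for.
    if [ "$(id -u)" -eq 0 ] && id "$user" >/dev/null 2>&1; then
        chown -R "$user" "$dir"
    else
        echo "note: not root or no such user; ownership of $dir unchanged" >&2
    fi
}

# has_fallback_location SSHD_CONFIG
# True if the first active AuthorizedKeysFile line lists the fallback path.
# sshd uses the first value it reads for a keyword; Match blocks are not
# interpreted here, `sshd -T` prints the effective setting.
has_fallback_location() {
    grep -i -E '^[[:space:]]*AuthorizedKeysFile[[:space:]]' "$1" | head -n 1 |
        grep -q -F '/etc/ssh/%u/authorized_keys'
}

# Demo on constructed input; nothing outside the scratch directory is touched.
demo() {
    scratch=$(mktemp -d) || return 1
    echo 'ssh-ed25519 AAAAconstructedPlaceholderKey demo@example' > "$scratch/id.pub"
    echo 'AuthorizedKeysFile %h/.ssh/authorized_keys /etc/ssh/%u/authorized_keys' \
        > "$scratch/sshd_config"
    install_fallback_keys demo_user "$scratch/id.pub" "$scratch" 2>/dev/null &&
        has_fallback_location "$scratch/sshd_config" &&
        ls -ld "$scratch/etc/ssh/demo_user" "$scratch/etc/ssh/demo_user/authorized_keys"
    rc=$?
    rm -rf "$scratch"
    return $rc
}
demo
```

Keys placed under /etc/ssh/ are stored outside the encrypted home dir, so they stay readable while the user is logged out; only public keys belong there.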


Published

Jun 2, 2013

Category

hacks
