On Mon, 12 Dec 2011 at 10:27, Robert Freeman-Day wrote:
> The reason your local logins mount the ecryptfs system is because you
> are using the pam stack. ecryptfs-utils offers a pam module that auto
> mounts it, see first entry here:

Yes, I know - that's the module I'm using, see
http://nerdbynature.de/bits/ecryptfs/pam.d.txt

> The ssh packages offer no method to tie in with ecryptfs unless you tell
> sshd to use the pam stack. Then you will likely need to use libpam-ssh
> (http://packages.debian.org/squeeze/libpam-ssh).

SSH can be configured to use PAM ("UsePAM yes") and I've configured it
that way. And it's working...but only a few times when SSH keys are
being used.

> You will really want to take a look at this security-wise. It is likely
> that your key passphrase as well as your login/ecryptfs unwrap
> passphrase will need to be the same

Um, yes - that's what ecryptfs-migrate-home took care of: the password to
log in to the system is being used to unlock the ecryptfs container. I'm
not sure what this has to do with my problem though.

> http://pam-ssh.sourceforge.net/
> http://www.clasohm.com/blog/one-entry?entry_id=12085

This is about some SSO magic, not sure how it relates to my "ecrypt stops
unlocking my $HOME when SSH public key authentication is used" problem.

Thanks,
Christian.
--
BOFH excuse #348:
We're on Token Ring, and it looks like the token got loose.