Problems with Encrypted Home Automatic Mount and SSH Public Key Auth

Asked by Alex Mendez on 2010-06-21

Binary package hint: ecryptfs-utils

[System]
Description: Ubuntu 10.04 LTS
Release: 10.04

[Package Version]
ecryptfs-utils:
  Installed: 83-0ubuntu3
  Candidate: 83-0ubuntu3
  Version table:
 *** 83-0ubuntu3 0
        500 http://us.archive.ubuntu.com/ubuntu/ lucid/main Packages
        100 /var/lib/dpkg/status

[Issue]
Yesterday, I updated my system with apt-get, see below for list. After a reboot, I found that logging into the system using ssh public key authentication does not automatically mount my ecrypted home after the update. After running $ sudo command, following ssh logins mount the directory. Also running $ ecryptfs-mount-private with password is able to mount the home directory.

[Expected]
reboot
ssh into machine using public-key auth
have ecrypted $HOME mounted.

[What happened]
reboot
ssh into machine using public-key auth
forced to mount using ecryptfs-mount-private

[Related(?)]
This bug might be related to: <https://bugs.launchpad.net/ecryptfs/+bug/546594> , but It was not resolved outside of a system wipe, so I am not sure.
I originally fixed the public key auth using <https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/362427/comments/12>

Thank you for your time!

[Updated Packages]
2010-06-20 20:36:45 status installed tzdata 2010j-0ubuntu0.10.04
2010-06-20 20:36:50 status installed ureadahead 0.100.0-4.1
2010-06-20 20:36:50 status installed ufw 0.30pre1-0ubuntu2
2010-06-20 20:36:51 status installed man-db 2.5.7-2
2010-06-20 20:36:52 status installed libkrb5support0 1.8.1+dfsg-2ubuntu0.1
2010-06-20 20:36:52 status installed libk5crypto3 1.8.1+dfsg-2ubuntu0.1
2010-06-20 20:36:52 status installed libkrb5-3 1.8.1+dfsg-2ubuntu0.1
2010-06-20 20:36:52 status installed libgssapi-krb5-2 1.8.1+dfsg-2ubuntu0.1
2010-06-20 20:36:53 status installed openssh-client 1:5.3p1-3ubuntu4
2010-06-20 20:36:53 status installed openssh-server 1:5.3p1-3ubuntu4
2010-06-20 20:36:54 status installed update-manager-core 1:0.134.9
2010-06-20 20:36:54 status installed libgp11-0 2.92.92.is.2.30.1-0ubuntu2
2010-06-20 20:36:54 status installed libgcr0 2.92.92.is.2.30.1-0ubuntu2
2010-06-20 20:36:54 status installed gnome-keyring 2.92.92.is.2.30.1-0ubuntu2
2010-06-20 20:36:54 status installed libcairomm-1.0-1 1.8.4-0ubuntu1
2010-06-20 20:36:54 status installed libcups2 1.4.3-1ubuntu1
2010-06-20 20:36:54 status installed libcupsimage2 1.4.3-1ubuntu1
2010-06-20 20:36:54 status installed libgtkmm-2.4-1c2a 1:2.20.3-0ubuntu1
2010-06-20 20:36:55 status installed libpam-gnome-keyring 2.92.92.is.2.30.1-0ubuntu2
2010-06-20 20:36:55 status installed udisks 1.0.1-1ubuntu1
2010-06-20 20:36:55 status installed xserver-common 2:1.7.6-2ubuntu7.1
2010-06-20 20:36:55 status installed xserver-xorg-core 2:1.7.6-2ubuntu7.1
2010-06-20 20:36:55 status installed libc-bin 2.11.1-0ubuntu7.1
2010-06-20 20:36:55 status installed update-manager-core 1:0.134.9
2010-06-20 20:36:56 status installed python-central 0.6.15ubuntu1
2010-06-20 21:53:53 status installed man-db 2.5.7-2
2010-06-20 21:53:54 status installed gitk 1:1.7.0.4-1

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu ecryptfs-utils Edit question
Assignee:
No assignee Edit question
Last query:
2010-06-21
Last reply:
2011-03-09

This question was originally filed as bug #596994.

I am suffering from this issue as well. I'd previously had an issue with it where this only occurred on the very first login after reboot, and subsequent logins were fine, however, this has now happened several times.

spriggsj@home:~$ apt-cache policy ecryptfs-utils
ecryptfs-utils:
  Installed: 83-0ubuntu3
  Candidate: 83-0ubuntu3
  Version table:
 *** 83-0ubuntu3 0
        500 http://ubuntu.virginmedia.com/archive/ lucid/main Packages
        100 /var/lib/dpkg/status
spriggsj@home:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 10.04 LTS
Release: 10.04
Codename: lucid

Dustin Kirkland  (kirkland) said : #2

Right, so unfortunately, encrypted home and ssh-public-key-authentication are fundamentally incompatible.

Entering a passphrase at login *absolutely* required in order to mount your home directory. Once you do this once, as you say, subsequent ssh-public-key-auths work fine. This is because it's mounted already.

Sorry.

Can you help with this problem?

Provide an answer of your own, or ask Alex Mendez for more information if necessary.

To post a message you must log in.