SSHing to a server with encrypted home directories doesn't automatically mount the encrypted directory

Bug #655726 reported by Jon "The Nice Guy" Spriggs
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone
ecryptfs-utils (Ubuntu) | New | Undecided | Unassigned |

Bug Description

Binary package hint: ecryptfs-utils

As per http://ubuntuforums.org/showthread.php?p=9931173 I have noticed that when logging in to my home server, which has encrypted directories (using ecryptfs-mount-home), it doesn't always auto-mount these directories. I am using SSH keys to authenticate with the server.

This behaviour *typically* occurs after a reboot of the server, and will usually persist until the next time I SSH to the server without using the private key, but it does not happen every time.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: ecryptfs-utils 83-0ubuntu3
ProcVersionSignature: Ubuntu 2.6.32-25.44-generic 2.6.32.21+drm33.7
Uname: Linux 2.6.32-25-generic i686
NonfreeKernelModules: nvidia
Architecture: i386
Date: Wed Oct 6 14:32:53 2010
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release i386 (20091028.5)
ProcEnviron:
 LANG=en_GB.UTF-8
 SHELL=/bin/bash
SourcePackage: ecryptfs-utils

Jon "The Nice Guy" Spriggs (jontheniceguy) wrote :
Tuomas Heino (iheino+ub) wrote :

Maybe this could be reworded as a wishlist bug for a feature to keep some carefully selected subset of files synchronized in both ecryptfs and unencrypted forms? Or should some union-mount like feature be needed to store such exceptional files only in unencrypted form?

Workaround:

In order for the keys to be used, authorized_keys should also exist in unencrypted form (this approach implies exposing some known-plaintext, consequences of which should be analyzed further).

In order to achieve this, you can use the following commands when logged in:

sudo mount -o bind /home /mnt
mkdir -m 700 "/mnt${HOME#/home}/.ssh"
cp -ia "${HOME}/.ssh/authorized_keys" "/mnt${HOME#/home}/.ssh/"
sudo umount /mnt

Tuomas Heino (iheino+ub) wrote :

**Or some union-mount like feature could...

Unencrypted home directories are typically write-protected. Amended workaround with temporary permissions (if used in any script, it should save original permissions (by using touch -r on $(mktemp -d) for example)):

sudo mount -o bind /home /mnt
chmod u+w "/mnt${HOME#/home}"
mkdir -m 700 "/mnt${HOME#/home}/.ssh"
cp -ia "${HOME}/.ssh/authorized_keys" "/mnt${HOME#/home}/.ssh/"
chmod u-w "/mnt${HOME#/home}"
sudo umount /mnt
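
A check for the plaintext copy that the workaround above creates, as an added example (not part of the bug report or of ecryptfs-utils): it reports when the copy is missing, when it is group- or world-writable (which sshd's StrictModes refuses), or when it has drifted from the encrypted copy, in which case a key removed only from the encrypted copy would still be accepted before the home is mounted. The function names and both path arguments are assumptions.

```shell
#!/bin/sh
# Added example: audit the plaintext authorized_keys copy made by the workaround.
#   $1 = the user's home on the lower, unencrypted filesystem (assumed path,
#        e.g. /mnt/alice while "mount -o bind /home /mnt" is active)
#   $2 = the same home with eCryptfs mounted (assumed path, e.g. /home/alice)
# Returns 0 ok, 1 copy missing, 2 unsafe permissions, 3 copy out of date.

loose_perms() {
    # True when the path is writable by group or others, which sshd's
    # StrictModes check refuses for the home, ~/.ssh and authorized_keys.
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

audit_plain_keys() {
    plain=$1
    mounted=$2
    keys="$plain/.ssh/authorized_keys"
    if [ ! -f "$keys" ]; then
        echo "MISSING: $keys (key logins fail until the home is mounted)"
        return 1
    fi
    for p in "$plain" "$plain/.ssh" "$keys"; do
        if loose_perms "$p"; then
            echo "UNSAFE: $p is group- or world-writable"
            return 2
        fi
    done
    # A key revoked only in the encrypted copy would still be accepted here.
    if ! cmp -s "$keys" "$mounted/.ssh/authorized_keys"; then
        echo "STALE: $keys differs from $mounted/.ssh/authorized_keys"
        return 3
    fi
    echo "OK: $keys is present, not group/world-writable, and in sync"
    return 0
}

# Run the audit when called as a script with both paths.
if [ "$#" -eq 2 ]; then
    audit_plain_keys "$1" "$2"
fi
```

Run it while the bind mount from the workaround is still in place, so the first argument resolves to the lower directory rather than the eCryptfs mount.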
