ecryptfs team mailing list archive

Thread
Date

Re: [Bug 268014] Re: No way to mount the encrypted private directory when logging in over ssh using public key auth

To: ecryptfs@xxxxxxxxxxxxxxxxxxx
From: Dustin Kirkland <dustin.kirkland@xxxxxxxxx>
Date: Fri, 03 Oct 2008 19:49:36 -0000
Reply-to: Bug 268014 <268014@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

That's a great point.  I'm going to update my blog and the wiki page
accordingly.  Thanks for your careful eye to detail ;-)

:-Dustin

-- 
No way to mount the encrypted private directory when logging in over ssh using public key auth
https://bugs.launchpad.net/bugs/268014
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.

Status in “ecryptfs-utils” source package in Ubuntu: Invalid

Bug description:
Binary package hint: ecryptfs-utils

Observed with ecryptfs-untils 53-1ubuntu8.

Steps to reproduce:
1) Set up your box so that you can login via ssh using public key authentication
2) Set up an encrypted private folder for yourself
3) Logout locally so that the encrypted private folder is unmounted
4) Login remotely using your ssh key

What happens:
The encrypted private directory is not mounted automatically and can't be mounted manually using ecryptfs-mount-private because the key has not been unwrapped.

What should happen:
I understand why the above happens, and I appreciate that the ideal solution (automount of the encrypted private folder in this case) may well not be feasible because of security considerations, but I think that ecryptfs-mount-private should really ask for your password instead of erroring out if the key for the private folder has not been unwrapped at login time for whatever reason.
I wouldn't even mind if I have to write something like ecryptfs-mount-private --ask-password to have it happen, if that must be...