ecryptfs team mailing list archive

Thread
Date
Re: [Bug 362427] Re: Public key ssh auth doesn't work in Jauny

To: ecryptfs@xxxxxxxxxxxxxxxxxxx
From: Dustin Kirkland <dustin.kirkland@xxxxxxxxx>
Date: Thu, 16 Apr 2009 22:20:40 -0000
Reply-to: Bug 362427 <362427@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Okay, so your public key is locked away in encryption, if you're not
already logged into the system.

You can work around this by accessing your un-mounted (ie,
not-encrypted) home directory, and putting your public key there.

 $ /sbin/ecryptfs.umount_private && cd && /sbin/ecryptfs.mount_private
 $ mkdir .ssh
 $ echo $PUBKEY > .ssh/authorized_keys

:-Dustin

** Also affects: ecryptfs-utils (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: ecryptfs-utils (Ubuntu)
   Importance: Undecided => Medium

** Changed in: ecryptfs-utils (Ubuntu)
       Status: New => In Progress

** Changed in: ecryptfs-utils (Ubuntu)
     Assignee: (unassigned) => Dustin Kirkland (kirkland)

** Also affects: ecryptfs
   Importance: Undecided
       Status: New

** Changed in: ecryptfs
   Importance: Undecided => Medium

** Changed in: ecryptfs
       Status: New => In Progress

** Changed in: ecryptfs
     Assignee: (unassigned) => Dustin Kirkland (kirkland)

** Changed in: openssh (Ubuntu)
   Importance: Undecided => Medium

** Changed in: openssh (Ubuntu)
       Status: Invalid => In Progress

** Changed in: openssh (Ubuntu)
     Assignee: (unassigned) => Dustin Kirkland (kirkland)

** Changed in: ecryptfs-utils (Ubuntu)
       Status: In Progress => Invalid

** Changed in: openssh (Ubuntu)
       Status: In Progress => Invalid

** Changed in: ecryptfs
       Status: In Progress => Invalid

** Converted to question:
   https://answers.edge.launchpad.net/ecryptfs/+question/67703

** Summary changed:

- Public key ssh auth doesn't work in Jaunty
+ Public key ssh auth doesn't work with my Encrypted Home Directory

-- 
Public key ssh auth doesn't work with my Encrypted Home Directory
https://bugs.launchpad.net/bugs/362427
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.

Status in eCryptfs - Enterprise Cryptographic Filesystem: Invalid
Status in “ecryptfs-utils” source package in Ubuntu: Invalid
Status in “openssh” source package in Ubuntu: Invalid

Bug description:
Spent all night to understand why public key ssh auth doesn't work. It seems to me that issue only affects Jaunty. Please have a look at the details below.

So, the configuration is:

1. Client
- lsb_release: Ubuntu 8.10 intrepid
- ssh-client: OpenSSH_5.1p1 Debian-3ubuntu1, OpenSSL 0.9.8g 19 Oct 2007

2. Server A
- lsb_release: Ubuntu 8.04.2 hardy
- sshd: OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007

3. Server B
- lsb_release: Ubuntu 9.04 jaunty
- sshd: OpenSSH_5.1p1 Debian-5ubuntu1, OpenSSL 0.9.8g 19 Oct 2007

Server A and Server B have the same /etc/ssh/sshd_config:
RSAAuthentication yes
PubkeyAuthentication yes
StrictModes no

I turned StrictModes to "no", but every server has the same permissions on user's .ssh folder and .ssh/authorized_keys file. authorized_keys is the same on Server A and Server B.

So, I am able to connect with public key from Client machine to Server A, but I can't connect to Server B.

I run ssh client and sshd on Server B in debug mode, please find logs attached.

Most important strings from auth.log:

...
Apr 16 20:58:47 ubuntu sshd[21728]: debug3: mm_request_receive entering
Apr 16 20:58:47 ubuntu sshd[21728]: debug3: monitor_read: checking request 21
Apr 16 20:58:47 ubuntu sshd[21728]: debug3: mm_answer_keyallowed entering
Apr 16 20:58:47 ubuntu sshd[21728]: debug3: mm_answer_keyallowed: key_from_blob: 0xb9084978
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: trying public key file /home/sasha/.ssh/authorized_keys
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: restore_uid: 0/0
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: trying public key file /home/sasha/.ssh/authorized_keys2
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: restore_uid: 0/0
Apr 16 20:58:47 ubuntu sshd[21728]: Failed publickey for sasha from 10.0.0.11 port 51194 ssh2
Apr 16 20:58:47 ubuntu sshd[21728]: debug3: mm_answer_keyallowed: key 0xb9084978 is not allowed
...