
ecryptfs team mailing list archive

[Bug 364015] Re: Auto mount of encrypted home directory RANDOMLY stops to work

 

Okay, I finally have my head wrapped around this bug.

So here's the deal...

To mount your home directory, you *must* provide your login passphrase
at some point, because this passphrase is used to "unwrap" your
wrapped-passphrase file.  This is what you're doing when you run "sudo".
Sudo prompts you for your passphrase, which walks the pam stack and
mounts your home directory.

I'm going to update the title of this bug.  What you're really asking
for, is to have a second wrapped-passphrase file, perhaps called
~/.ecryptfs/wrapped-passphrase.ssh, which is wrapped with your ssh
private key instead of your system login passphrase.

I am going to need to study the implementation of pam_ssh and
authorized_keys...

Thanks for the report and research.

:-Dustin

-- 
Support a wrapped-passphrase.ssh, wrapped with an ssh private key
https://bugs.launchpad.net/bugs/364015
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.

Status in eCryptfs - Enterprise Cryptographic Filesystem: Confirmed
Status in “ecryptfs-utils” source package in Ubuntu: Incomplete

Bug description:
I had a problem with ssh public key auth and encrypted home directory in Jaunty. I fixed the issue with the workaround provided by Dustin Kirkland:

https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/362427

But after a reboot, auto mount of the encrypted home directory has stopped working. There is only one error string in auth.log:

Mount of private directory return code [256]

At the same time I am able to mount the home directory manually through the ecryptfs-mount-private command. But /sbin/mount.ecryptfs_private shows me the following:

keyctl_search: Required key not available
Perhaps try the interactive 'ecryptfs-mount-private'

... looks like pam_ecryptfs is not able to read ~/.ecryptfs/wrapped-passphrase
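
The wrapping relationship discussed in the message above, as an added sketch that is not part of the original thread and is not eCryptfs code: one mount passphrase wrapped twice, once under the login passphrase and once under a second secret, so that either secret alone can unlock its own file. The PBKDF2/SHAKE/HMAC construction, the function names and every sample value are assumptions made for illustration; ecryptfs-utils uses its own file format.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000          # assumed work factor for this sketch
SALT_LEN, TAG_LEN = 16, 32

def _keys(secret: bytes, salt: bytes, n: int):
    """Stretch the wrapping secret into a MAC key and an n-byte pad."""
    k = hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS)
    mac_key = hmac.new(k, b"mac", hashlib.sha256).digest()
    pad = hashlib.shake_256(k + b"pad").digest(n)
    return mac_key, pad

def wrap(mount_passphrase: bytes, secret: bytes) -> bytes:
    """Return salt || tag || ciphertext for one wrapped-passphrase file."""
    salt = secrets.token_bytes(SALT_LEN)      # fresh salt: the pad is never reused
    mac_key, pad = _keys(secret, salt, len(mount_passphrase))
    ct = bytes(a ^ b for a, b in zip(mount_passphrase, pad))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return salt + tag + ct

def unwrap(blob: bytes, secret: bytes) -> bytes:
    """Recover the mount passphrase, or raise if the secret is wrong."""
    salt = blob[:SALT_LEN]
    tag = blob[SALT_LEN:SALT_LEN + TAG_LEN]
    ct = blob[SALT_LEN + TAG_LEN:]
    mac_key, pad = _keys(secret, salt, len(ct))
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong wrapping secret or corrupted file")
    return bytes(a ^ b for a, b in zip(ct, pad))

def demo() -> dict:
    """Wrap one mount passphrase twice and try each secret on each file."""
    mount_pp = secrets.token_hex(16).encode()            # constructed
    secrets_by_name = {"login": b"constructed-login-passphrase",
                       "ssh": b"constructed-ssh-derived-secret"}
    files = {"wrapped-passphrase": wrap(mount_pp, secrets_by_name["login"]),
             "wrapped-passphrase.ssh": wrap(mount_pp, secrets_by_name["ssh"])}
    results = {}
    for fname, blob in files.items():
        for sname, secret in secrets_by_name.items():
            try:
                results[fname, sname] = unwrap(blob, secret) == mount_pp
            except ValueError:
                results[fname, sname] = False   # this secret cannot unlock this file
    return results

if __name__ == "__main__":
    for (fname, sname), ok in demo().items():
        print(f"{fname:24} with {sname:5} secret -> {'unwrapped' if ok else 'refused'}")
```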