ecryptfs team mailing list archive

Thread
Date

[Bug 364015] Re: Support a wrapped-passphrase.ssh, wrapped with an ssh private key

To: ecryptfs@xxxxxxxxxxxxxxxxxxx
From: Dustin Kirkland <dustin.kirkland@xxxxxxxxx>
Date: Sat, 02 May 2009 17:06:29 -0000
Reply-to: Bug 364015 <364015@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Having talked to Colin Watson, this is actually quite a complicated
request.  When doing ssh authentication, your private ssh key is not
actually sent to the host system.  Instead, the client signs a message
with the private key, and sends this to the server, which authenticates
the message using the public key.

As such, this might require some ssh protocol extension to solve.

:-Dustin

-- 
Support a wrapped-passphrase.ssh, wrapped with an ssh private key
https://bugs.launchpad.net/bugs/364015
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.

Status in eCryptfs - Enterprise Cryptographic Filesystem: Confirmed
Status in “ecryptfs-utils” source package in Ubuntu: Confirmed

Bug description:
I had a problem with ssh public key auth and encrypted home directory in Jaunty. I fixed the issue by workaround provided by Dustin Kirkland:

https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/362427

But after reboot auto mount of encrypted home directory has stopped to work. There is only one error string in auth.log:

Mount of private directory return code [256]

At the same time I am able to mount home directory manually through ecryptfs-mount-private command. But  /sbin/mount.ecryptfs_private shows me the following:

keyctl_search: Required key not available
Perhaps try the interactive 'ecryptfs-mount-private'

... looks like pam_ecryptfs is not able to read  ~/.ecryptfs/wrapped-passphrase