
touch-packages team mailing list archive

[Bug 362427] Re: Public key ssh auth doesn't work with my Encrypted Home Directory

 

Hi guys,
I am not really an experienced user and haven't actually applied the solution proposed in comment #12, but as I understand it, the authorized public key is added in .ssh/authorized_keys, so wouldn't it be possible to put another public key using a live CD and then log in using the corresponding private key?

Best Regards,

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/362427

Title:
  Public key ssh auth doesn't work with my Encrypted Home Directory

Status in eCryptfs:
  Invalid
Status in “ecryptfs-utils” package in Ubuntu:
  Invalid
Status in “openssh” package in Ubuntu:
  Invalid

Bug description:
  Spent all night trying to understand why public key ssh auth doesn't
  work. It seems to me that the issue only affects Jaunty. Please have a
  look at the details below.

  So, the configuration is:

  1. Client
  - lsb_release: Ubuntu 8.10 intrepid
  - ssh-client: OpenSSH_5.1p1 Debian-3ubuntu1, OpenSSL 0.9.8g 19 Oct 2007

  2. Server A
  - lsb_release: Ubuntu 8.04.2 hardy
  - sshd: OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007

  3. Server B
  - lsb_release: Ubuntu 9.04 jaunty
  - sshd: OpenSSH_5.1p1 Debian-5ubuntu1, OpenSSL 0.9.8g 19 Oct 2007

  Server A and Server B have the same /etc/ssh/sshd_config:
  RSAAuthentication yes
  PubkeyAuthentication yes
  StrictModes no

  I turned StrictModes to "no", but every server has the same
  permissions on the user's .ssh folder and .ssh/authorized_keys file.
  authorized_keys is the same on Server A and Server B.

  So, I am able to connect with public key from Client machine to Server
  A, but I can't connect to Server B.

  I ran the ssh client and sshd on Server B in debug mode; please find
  the logs attached.

  Most important strings from auth.log:

  ...
  Apr 16 20:58:47 ubuntu sshd[21728]: debug3: mm_request_receive entering
  Apr 16 20:58:47 ubuntu sshd[21728]: debug3: monitor_read: checking request 21
  Apr 16 20:58:47 ubuntu sshd[21728]: debug3: mm_answer_keyallowed entering
  Apr 16 20:58:47 ubuntu sshd[21728]: debug3: mm_answer_keyallowed: key_from_blob: 0xb9084978
  Apr 16 20:58:47 ubuntu sshd[21728]: debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
  Apr 16 20:58:47 ubuntu sshd[21728]: debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
  Apr 16 20:58:47 ubuntu sshd[21728]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
  Apr 16 20:58:47 ubuntu sshd[21728]: debug1: trying public key file /home/sasha/.ssh/authorized_keys
  Apr 16 20:58:47 ubuntu sshd[21728]: debug1: restore_uid: 0/0
  Apr 16 20:58:47 ubuntu sshd[21728]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
  Apr 16 20:58:47 ubuntu sshd[21728]: debug1: trying public key file /home/sasha/.ssh/authorized_keys2
  Apr 16 20:58:47 ubuntu sshd[21728]: debug1: restore_uid: 0/0
  Apr 16 20:58:47 ubuntu sshd[21728]: Failed publickey for sasha from 10.0.0.11 port 51194 ssh2
  Apr 16 20:58:47 ubuntu sshd[21728]: debug3: mm_answer_keyallowed: key 0xb9084978 is not allowed
  ...
