Home / ubuntu / Questions / 115497
Accepted
Stephen RC
Asked: 2012-03-24 13:22:19 +0800 CST

Encrypted Home directory not auto mounting

  • 772

I somehow managed to break auto-mounting for my encrypted home directory.

Every time I login via SSH, I see this:

valorin@joshua:~$ ls -la
total 44
dr-x------ 3 valorin valorin  4096 2012-03-17 17:10 .
drwxr-xr-x 7 root    root     4096 2012-03-17 11:45 ..
lrwxrwxrwx 1 valorin valorin    56 2012-03-08 20:37 Access-Your-Private-Data.desktop -> /usr/share/ecryptfs-utils/ecryptfs-mount-private.desktop
-rw------- 1 valorin valorin   917 2012-03-17 19:24 .bash_history
drwx------ 3 valorin valorin  4096 2012-03-16 17:58 .cache
lrwxrwxrwx 1 valorin valorin    33 2012-03-08 20:37 .ecryptfs -> /home/.ecryptfs/valorin/.ecryptfs
-rw-r--r-- 1 root    root    21954 2012-03-08 20:35 .face
lrwxrwxrwx 1 valorin valorin    32 2012-03-08 20:37 .Private -> /home/.ecryptfs/valorin/.Private
lrwxrwxrwx 1 valorin valorin    52 2012-03-08 20:37 README.txt -> /usr/share/ecryptfs-utils/ecryptfs-mount-private.txt
-rw------- 1 root    root      703 2012-03-17 17:10 .viminfo

Any ideas what I've done, and how I can fix it?

UPDATE:

I have set up the SSH key authentication using the method here, which in hindsight is the reason for the non-working encrypted home directory.

So, my new question, how do I get it to automatically prompt for the password after I have logged in with the SSH auth key?

home-directory ecryptfs

3 Answers

  1. Best Answer

    Okay, so while it's possible to use SSH Public Key authentication to log into your system without entering a password (even if your home directory is encrypted), it's not possible to automatically mount your encrypted home directory.

    To solve this, you'll need to add a line to the end of your unmounted $HOME/.profile:

    ecryptfs-mount-private

    This will ensure that after you've logged in using SSH Public Key authentication, you'll be prompted for your password and will mount your encrypted data. If it's already mounted, then this command should just silently succeed.

    Enjoy!

    Full disclosure: I'm one of the authors and maintainers of eCryptfs.

    • 29

  2. Try the following:

    1. Make sure that /etc/pam.d/common-session contains this line:

       # Encrypt home
 session    optional    pam_ecryptfs.so unwrap

    2. Make sure that /etc/pam.d/common-auth contains this line:

       auth   optional    pam_ecryptfs.so unwrap

    3. Make sure that /etc/pam.d/sshd contains these lines:

       # Standard Un*x authorization.
 @include common-account

 # Standard Un*x session setup and teardown.
 @include common-session

    4. If you have changed your user's password recently, check /etc/pam.d/common-password

      If it doesn't contain this line:

       password   optional    pam_ecryptfs.so

      Then you need your old password to reconfigure ecryptfs.

      My suggestion is to change your account to your previous password using passwd and then adding the above line to /etc/pam.d/common-password and then changing the password back to the new password.

      Alternatively you can try this:

      ecryptfs-setup-private

      Make sure you enter the same password as your users password when prompted.

    5. If none of the above works, try running ecryptfs-setup-private perhaps it will fix something.

    6. If it is still not working then I am out of ideas, sorry.

    • 2

  3. By following these instructions you mentioned in your post, you specifically made it so you could SSH into your account without your home folder being mounted. If you undo what you did there and put it back to how it was before, then when you SSH in you will be forced to enter your password if your home directory isn't decrypted already. (If your home directory is already decrypted because of another session, then your SSH key will work perfectly for a passwordless connection!)

    Otherwise, the alternative is to run ecryptfs-mount-private after you log in with your key to manually decrypt your home folder.

    • 2