Can't do SSH public key login under encrypted home

If your home directory is encrypted, the ssh daemon can't get in it to check if your private key matches your public one. Your .ssh folder is encrypted after all.

A workaround for this might be to have your .ssh folder with your authorized_keys in plaintext in your unencrypted home directory. But if your encryption technique uses your password as a key to decrypt everything, you will still have to type it in to get everything decrypted.

So a true passwordless login will not work here (unless you want to store your password somewhere in cleartext to be automatically fed to the decryption process, but this is even more insecure than not encrypting at all).

What technique are you using to encrypt your home directory?

Update: Ubuntu uses ecryptfs to mount an encrypted partition at login time (so when you supply your password). To make ssh find your .ssh folder again, you can do this:

# copy your .ssh folder 
mkdir /tmp/mine
chmod 700 /tmp/mine
mkdir /tmp/mine/.ssh
chmod 700 /tmp/mine/.ssh
cp ~/.ssh/authorized_keys /tmp/mine/.ssh/
cd /tmp/mine
# unmount your encrypted home drive
/sbin/umount.ecryptfs_private
# copy your ssh folder to the place ssh will actually look for
cp -r .ssh ~
# be sure to remove it again from /tmp
rm /tmp/mine/ -rf

You should now be able to log in again, but you will not have your home folder unencrypted automatically. To mount it unencrypted you will have to enter this on every login:

/sbin/mount.ecryptfs_private

Which will ask you for your login password again.

More information on this can be found here: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/362427
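Added example, not part of the original answer: a small check for whether the unmounted (plaintext) view of a home directory holds an authorized_keys file that sshd could use before ecryptfs is mounted. The function names, the temp-directory fixture and the sample mounts line are constructed; the permission test is a simplified assumption (no group/other write bits on the home directory, .ssh and the key file) and does not check ownership.

```shell
#!/bin/sh
# Added example: names, paths and the sample mounts line are constructed.

# home_is_ecryptfs MOUNTS_FILE HOME_DIR
# True if HOME_DIR is an ecryptfs mount point in a /proc/mounts-style file.
home_is_ecryptfs() {
    awk -v home="$2" '$2 == home && $3 == "ecryptfs" { hit = 1 }
                      END { exit !hit }' "$1"
}

# keys_usable HOME_DIR
# True if HOME_DIR/.ssh/authorized_keys exists and the home directory, .ssh
# and the key file are all free of group/other write bits.
keys_usable() {
    [ -f "$1/.ssh/authorized_keys" ] || return 1
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        case "$(ls -ld "$p" | cut -c1-10)" in
            ?????w????|????????w?) return 1 ;;
        esac
    done
    return 0
}

# key_login_status MOUNTS_FILE HOME_DIR
# Prints: mounted - decrypted view is active; unmount before judging
#         ready   - unmounted view holds a usable authorized_keys
#         no-keys - unmounted view has no usable authorized_keys
key_login_status() {
    if home_is_ecryptfs "$1" "$2"; then echo mounted
    elif keys_usable "$2"; then echo ready
    else echo no-keys
    fi
}

# Demo on a constructed fixture (a temp directory standing in for a home).
demo() {
    h=$(mktemp -d) && m=$(mktemp) || return 1
    echo "before copy: $(key_login_status "$m" "$h")"
    mkdir -m 700 "$h/.ssh" && : > "$h/.ssh/authorized_keys"
    chmod 600 "$h/.ssh/authorized_keys"
    echo "after copy:  $(key_login_status "$m" "$h")"
    echo "/home/.ecryptfs/u/.Private $h ecryptfs rw,nosuid,nodev 0 0" > "$m"
    echo "after mount: $(key_login_status "$m" "$h")"
    rm -rf "$h" "$m"
}
demo
```

On a real system the first argument would be /proc/mounts and the second the user's home directory; a result of `mounted` means the decrypted view is what is being inspected, so the check says nothing about what sshd sees before login.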


In the ssh_config file, you can change the location of where it looks for your private key. You could probably do something like make a new folder at /etc/ssh/keys/ and put your id_rsa private key file in there and then change the IdentityFile option in ssh_config to look in the new location. In doing so you'll want to take certain measures to secure your private key.

This is assuming you're the only user of the computer. If not, you can make folders like /etc/ssh/keys/john/ and /etc/ssh/keys/dogbert/ and then in the IdentityFile option put /etc/ssh/keys/%u/id_rsa