There is an interesting it-makes-sense-when-you-think-about-it issue with Encrypted Home directories and SSH key authentication I’ve recently discovered in Ubuntu (it will affect any distro though). Since Encrypted home directories aren’t decrypted until the login is successful, and your SSH keys are stored in your home directory, the first SSH connection you make will require a password. If you have password authentication turned off, you’ll have big issues.
1. Create .ssh folder in /home for the keys to be stored
sudo mkdir /home/.ssh
2. Move existing authorized_keys file into .ssh dir as username
sudo mv ~/.ssh/authorized_keys /home/.ssh/username
3. Create symbolic link to authorized_keys file in user .ssh dir
ln -s /home/.ssh/username ~/.ssh/authorized_keys
4. Update sshd config file to set the new path for the authorized_keys file
sudo vim /etc/ssh/sshd_config
Change the AuthorizedKeysFile line to:
5. Reboot the computer
sudo shutdown -r now
6. Login to your server and you shoud be presented with a minimal un-decrypted home directory… You will need to create and edit a .profile file in there to get ecryptfs to mount your home directory.
sudo vim ~/.profile
Add these lines:
ecryptfs-mount-private cd /home/username
7. Log out/Restart, and go back in again. You should be promoted for your password after SSH key auth, and then be presented with your decrypted home directory.
You should now be able to login using SSH keys every time, no matter if your home dir is decrypted or notTweet