
SSH key authorization with an encrypted home directory

Everyone knows the textbook way to set up key-based authorization over SSH: the public key is written to ~/.ssh/authorized_keys. If the home folder is encrypted, the system will not be able to read the file. Therefore, this data has to be placed outside the encrypted home folder.

I propose placing the authorized_keys file in the /etc/{username}/.ssh directory. In that case, add the corresponding line to /etc/ssh/sshd_config:
AuthorizedKeysFile /etc/%u/.ssh/authorized_keys
It does no harm to set paranoid permissions:
# chown -R {username}:{username} /etc/{username}
# chmod 1700 /etc/{username}
# chmod 0100 /etc/{username}/.ssh
# chmod 0600 /etc/{username}/.ssh/authorized_keys

The last recommendation depends on the system administration practices you follow.
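
A check for the layout above, as an added example that is not part of the original article: the hypothetical helper check_keys_path verifies that each path component exists, is owned by the user or root, and has no group or other write bit, which is the kind of condition sshd's StrictModes applies before it trusts a key file. The optional base-directory and uid arguments are assumptions added so the check can be run against a scratch directory; it relies on GNU stat.

```shell
#!/bin/sh
# Added example: audit the out-of-home authorized_keys layout.
# Usage (as root or as the user): check_keys_path USER [BASE] [UID]
#   BASE defaults to /etc, matching AuthorizedKeysFile /etc/%u/.ssh/authorized_keys
#   UID  defaults to the numeric uid of USER
# Returns 0 when every component passes, 1 otherwise.
check_keys_path() {
    ck_user=$1
    ck_base=${2:-/etc}
    ck_uid=${3:-$(id -u "$ck_user")}
    ck_rc=0
    for ck_p in "$ck_base/$ck_user" \
                "$ck_base/$ck_user/.ssh" \
                "$ck_base/$ck_user/.ssh/authorized_keys"; do
        if [ ! -e "$ck_p" ]; then
            echo "MISSING      $ck_p"
            ck_rc=1
            continue
        fi
        ck_owner=$(stat -c %u "$ck_p")   # numeric owner
        ck_mode=$(stat -c %a "$ck_p")    # octal mode, e.g. 1700
        # The owner must be the account itself or root (uid 0).
        if [ "$ck_owner" != "$ck_uid" ] && [ "$ck_owner" != 0 ]; then
            echo "BAD OWNER    uid=$ck_owner $ck_p"
            ck_rc=1
        fi
        # Nobody but the owner may be able to write (mask 022).
        if [ $(( 0$ck_mode & 022 )) -ne 0 ]; then
            echo "WRITABLE     mode=$ck_mode $ck_p"
            ck_rc=1
        fi
    done
    return $ck_rc
}
```
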


Source: https://habr.com/ru/post/103668/
