Jump to content

Linux: Difference between revisions

Linux (view source)

Revision as of 17:40, 31 May 2020

153 bytes added ,  31 May 2020
→‎Encrypt Home After Install
Line 571: Line 571:
** E.g. Move all startup scripts in your <code>~/bin</code> to <code>/usr/bin</code>
** E.g. Move all startup scripts in your <code>~/bin</code> to <code>/usr/bin</code>
* <code>ssh</code> will not work until home has been decrypted since the authorized keys are in <code>~/.ssh/authorized_keys</code>
* <code>ssh</code> will not work until home has been decrypted since the authorized keys are in <code>~/.ssh/authorized_keys</code>
** One workaround is as follows:
 
**# Move ssh keys elsewhere such as <code>/etc/ssh/authorized_keys/<user></code>. Add <code>/etc/ssh/authorized_keys/%u</code> to the <code>AuthorizedKeysFile</code> line in <code>/etc/ssh/sshd_config</code>.
{{hidden | SSH Workaround |
**# Create a sudo user with and unencrypted home directory.
Getting SSH to work with an encrypted home dir is a giant pain. 
**# After every restart, ssh into the unencrypted sudo user and decrypt your home directory:  
Also things like tmux still won't work. 
**#:<code>sudo fscrypt unlock /home/david --user=david</code>
Overall I do not recommend doing this on a server.
**# Then ssh into your account.
 
# Move ssh keys elsewhere such as <code>/etc/ssh/authorized_keys/<user></code>.  
#* Add <code>/etc/ssh/authorized_keys/%u</code> to the <code>AuthorizedKeysFile</code> line in <code>/etc/ssh/sshd_config</code>.
# Create a sudo user with and unencrypted home directory.
# After every restart, ssh into the unencrypted sudo user and decrypt your home directory:  
#:<code>sudo fscrypt unlock /home/david --user=david</code>
# Then ssh into your account.
}}
Retrieved from "https://wiki.davidl.me/view/Special:MobileDiff/3464"