Is there any way to automount ecryptfs mounts when logging in via ssh key and without additional user interaction?
For example, is there any ssh extension that tells the client to decrypt some remote stuff like the ecryptfs passwd by using its private key?
An old thread, but I couldn't find an answer, so I'll post what I did.
It is possible, but it is not so simple. You must know what you're doing, so I'll post only guidelines, not the copy/paste solution.
On host:
write permission on unmounted $HOMEencryptfs-mount-private script to unmounted $HOME, and change LOGNAME to accept parameter (a password)Make script (i.e. mySSHlogin)that'll
a) copy .XAuthority from unmounted $HOME to some common location (i.e. /tmp)
b) mount ecryptefs (2.) with password given as param and cd ~
c) make backup of .XAuthority in mounted $HOME
d) move .Xauthority from common location to mounted $HOME
e) start shell
f) restore original .Xauthority file in mounted $HOME
On remote:
ssh that exec that script (3.) with supplied password on host(gnome-terminal -x ssh -Y me@host -t /home/me/mySSHlogin somePassword)
Security is somewhat compromised by leaving .Xauthority in unmounted $HOME (what could be solved by moving instead of copying in 2., but xauth shows a notice than), but should be fine on local network.
Also, concurrent access through ssh and directly on host can show unpredictable in certain conditions (what might be solved by appending .Xauthority from unmounted to mounted .Xauthority, which should than be cleaned periodically).
As I said, those are just guidelines.
And, as always, backup, backup, backup.
Of course, all this can be avoided if you're using password for ssh, and sshpass that supplies the password, so you don't have to type it.
