On Thursday, December 5, 2019 5:41:44 AM MST Nico Kadel-Garcia wrote:
> If someone wants to spend that much of their resources on homedir
> security, they need to decide whether they want SSH key based access.
> That is manageable by configuring SSH to store SSH public keys in an
> alternate location and inform the users of the modified sshd_config
> and its modified, accessible "AuthorizedKeysFile" setting. Or the user
> can spend the time and effort to activate Kerberos based logins, or
> use password based logins. I'd avoid trying to rewrite SSH for such an
> OS-specific and non-portable need as homedir decryption mounting.

Please don't recommend to anyone to use passwords for SSH. That is incredibly
insecure, and if privileged users are using password-based SSH, that'll
quickly lead to a serious compromise of your entire system, depending on the
complexity of the password, of course, but still holds nothing to key-based
authentication with the best password.

> In common usage, very few people encrypt their home directories
> separately from their basic disk image. It makes system management for
> administrators or even a local root user very awkward. I could see it
> for home directories in "/home", and it would only cost SSH key based
> access, not ordinary password or Kerberos ticket based login. But it
> sounds quite risky and destabilizing, much as the "kill dangling
> processes when people log out". That caused a lot of shock when it
> was activated by default and started killing processes with no
> logging. Let's not repeat a surprise like that and avoid killing SSH
> key access by default.

A bit off topic, but where is "kill dangling processes when people log out"
set? I've not experienced that anywhere.
--
John M. Harris, Jr.
Splentity
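
For the alternate-location "AuthorizedKeysFile" approach quoted above, an added example that is not part of either message: a shell audit of a per-user key directory kept outside the encrypted home, applying the same kind of ownership and mode checks sshd makes under StrictModes. The directory layout, the path in the comment and the function names are assumptions.

```shell
#!/bin/sh
# Added example: audit a per-user key directory kept outside $HOME.
# Assumed sshd_config line (the path is an assumption, %u is the login name):
#   AuthorizedKeysFile /etc/ssh/authorized_keys/%u
# Assumed layout: one file per account, named after the account.

# Succeeds if $1 is owned by root or by user $2 and is not
# writable by group or others.
safe_for_user() {
    _p=$1
    _u=$2
    [ -e "$_p" ] || return 1
    _mode=$(ls -ld "$_p" | awk '{print $1}')
    _owner=$(ls -ld "$_p" | awk '{print $3}')
    case "$_owner" in
        root|"$_u") ;;
        *) return 1 ;;
    esac
    # Characters 6 and 9 of the mode string are group-write and other-write.
    case "$(printf '%s' "$_mode" | cut -c6,9)" in
        *w*) return 1 ;;
    esac
    return 0
}

# Prints one line per problem; returns 0 only if nothing was flagged.
audit_keys_dir() {
    dir=$1
    bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        user=${f##*/}
        if ! safe_for_user "$dir" "$user"; then
            echo "UNSAFE DIR  $dir (checked for $user)"
            bad=1
        fi
        if ! safe_for_user "$f" "$user"; then
            echo "UNSAFE FILE $f"
            bad=1
        fi
    done
    return $bad
}

# Stand-alone use: sh audit.sh /etc/ssh/authorized_keys
if [ $# -gt 0 ]; then audit_keys_dir "$1"; fi
```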