On Mo, 02.12.19 12:39, Chris Murphy (lists(a)colorremedies.com) wrote:
Basically you have to choose between user home security (or more
specifically privacy) and remote logins. However, there are some
ideas that could possibly work around this, to varying degrees of
inelegance, which I'll gratuitously copy from a related Workstation
WG issue [1].
1. Enhance openssh's PAM support
2. Stub account to ssh into, whereby the user is prompted to
authenticate+unlock the real account; and now ssh into the real
account.
3. Same as 2 but maybe it's possible to bind mount the real home dir
over the stub home dir, eliminating the 2nd login? (Vaguely recall
reading about this somewhere, maybe Ubuntu's use of ecryptfs based
home, now since deprecated in favor of LUKS)
4. If based on any fscrypt implementation, exclude ~/.ssh/ from
encryption
systemd-homed integrates with sshd's AuthorizedKeysCommand and
supplies any SSH keys assoicated with the user account directly to SSH
without anyone needing access ~/.ssh/. i.e. integration with SSH is
actually already in place.
The problem is that sshd's PAM implementation doesn't allow PAM
modules to ask questions in login sessions which are authenticated via
authorized_keys instead of PAM. Because if we could ask questions
then, we could simply ask the user for the passphrase to derive the
LUKS key from if we need. That would mean that if you SSH login if you
already are logged in locally, then logins would be instant, but if
you SSH login otherwise then you'd get a prompt for the pw first.
Lennart
--
Lennart Poettering, Berlin