2

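Is there any way to automatically mount an ecryptfs mount when logging in with an ssh key, without additional user interaction?

For example, is there any ssh extension that tells the client to use its private key to decrypt some remote content, such as the ecryptfs passwd?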

4

1 Answer

0

An old thread, but I couldn't find an answer, so I'll post what I did.

It is possible, but it is not so simple. You must know what you're doing, so I'll post only guidelines, not the copy/paste solution.

On host:

  1. Give write permission on unmounted $HOME
  2. Copy ecryptfs-mount-private script to unmounted $HOME, and change LOGNAME to accept parameter (a password)
  3. Make a script (i.e. mySSHlogin) that'll

    a) copy .Xauthority from unmounted $HOME to some common location (i.e. /tmp)

    b) mount ecryptfs (2.) with password given as param and cd ~

    c) make backup of .Xauthority in mounted $HOME

    d) move .Xauthority from common location to mounted $HOME

    e) start shell

    f) restore original .Xauthority file in mounted $HOME

On remote:

  1. Run ssh that execs that script (3.) with supplied password on host

(gnome-terminal -x ssh -Y me@host -t /home/me/mySSHlogin somePassword)

Security is somewhat compromised by leaving .Xauthority in unmounted $HOME (which could be solved by moving instead of copying in 2., but xauth shows a notice then), but should be fine on local network.

Also, concurrent access through ssh and directly on host can be unpredictable under certain conditions (which might be solved by appending .Xauthority from unmounted to mounted .Xauthority, which should then be cleaned periodically).

As I said, those are just guidelines. And, as always, backup, backup, backup.

Of course, all this can be avoided if you're using a password for ssh, and sshpass to supply the password, so you don't have to type it.

Answered 2015-04-16T06:45:10.800
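
A sketch of the wrapper from step 3 (a to f) of the answer above, added here as an illustration and not the answerer's own script. It assumes the modified mount script of step 2 takes the passphrase as its first argument (`MOUNT_CMD`, a hypothetical path), and it stages the cookie in a private `mktemp -d` directory instead of a fixed path in /tmp.

```shell
#!/bin/sh
# Added example: wrapper for step 3 (a-f). Not the answerer's script.
# Assumed: MOUNT_CMD is the modified copy from step 2 (hypothetical path)
# that takes the passphrase as $1; LOGIN_SHELL is the shell to start.
: "${MOUNT_CMD:=$HOME/ecryptfs-mount-private}"
: "${LOGIN_SHELL:=${SHELL:-/bin/sh}}"

my_ssh_login() {
    pass=$1
    # mktemp -d creates a mode-0700 directory, so the staged cookie is not
    # readable by other local users while it sits outside $HOME.
    stage=$(mktemp -d "${TMPDIR:-/tmp}/xauth.XXXXXX") || return 1
    # a) copy .Xauthority from the unmounted $HOME to the staging directory
    cp -p "$HOME/.Xauthority" "$stage/Xauthority" || { rm -rf "$stage"; return 1; }
    # b) mount the encrypted home, then re-enter it to see the mounted files
    "$MOUNT_CMD" "$pass" || { rm -rf "$stage"; return 1; }
    cd "$HOME" || { rm -rf "$stage"; return 1; }
    # c) back up the .Xauthority that lives inside the mounted $HOME
    had_backup=0
    if [ -e .Xauthority ]; then
        mv .Xauthority .Xauthority.ssh-bak && had_backup=1
    fi
    # d) move the staged cookie into the mounted $HOME
    mv "$stage/Xauthority" .Xauthority
    rm -rf "$stage"
    # e) start the shell (no exec, so that step f still runs afterwards)
    "$LOGIN_SHELL"
    rc=$?
    # f) restore the original .Xauthority in the mounted $HOME
    rm -f .Xauthority
    if [ "$had_backup" -eq 1 ]; then
        mv .Xauthority.ssh-bak .Xauthority
    fi
    return "$rc"
}

# Run only when installed under the name used on the page.
case ${0##*/} in
    mySSHlogin) my_ssh_login "$1" ;;
esac
```

The passphrase arrives as a command-line argument, as on the page, so it is visible in the process list on both machines while the session runs.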