Opened 6 months ago

Closed 5 months ago

#759 closed System Defect (wontfix)

PEFS for ssh logins

Reported by: gcw Owned by: Kris
Priority: major Milestone:
Component: System Configuration Version: 9.0-RELEASE
Keywords: PEFS SSH Cc: trac-bugs@…

Description

As of 9.2 RC4, it appears as though user directories are not decrypted if the user first logs in via SSH.

Change History (3)

comment:1 Changed 6 months ago by joshms

  • Owner set to Kris

Can you try the 9.2 Release ISO and see if this is still an issue? The version you posted said you are using 9.0.

comment:2 Changed 6 months ago by gcw

My apologies, I should have changed that to say 9.2 (been quite a while since I've used Trac).

The issue still persists in 9.2-RELEASE:

[gcw@GCWMBP:/Volumes/Home/gcw>
% ssh 10.24.42.42
Password for gcw@pcbsd00:
Last login: Wed Oct 16 22:04:23 2013 from :0
FreeBSD 9.2-RELEASE-p8 (GENERIC) #0: Mon Sep 23 16:26:45 UTC 2013

Welcome to PC-BSD!

For information on the web, visit us at www.pcbsd.org
pcbsd00% ls
pcbsd00% ls -al
total 2225
drwxr-xr-x  36 gcw   gcw         75 Oct 17 00:50 .
drwxr-xr-x   3 root  wheel        3 Sep 22 01:39 ..
drwx------   3 gcw   gcw          3 Sep 22 01:56 .0+ZHouNq_8r0DgZSNsEg_ZhTYmw4JvnK
-rw-r--r--   1 gcw   gcw        158 Sep 22 01:39 .11vSuYOD58Y1nry0chktfLBQWnqA9mafHSao8H4ZQCGy9+09I_FFbQ
-rw-r--r--   1 gcw   gcw      35567 Sep 22 18:40 .25uhbZMWfAMiC4Oynh06cmR5rDopbPQCcIEySX+EiYSVQDeSWp+hWw
-rw-r--r--   1 gcw   gcw        276 Sep 22 01:39 .32erYtevAXyTRGXdTNVKYSnDP40bQ4Yo
-rw-r--r--   1 gcw   gcw         92 Sep 22 01:39 .4ccYc71bLajjD+HeJIyo1M+s7c1FsqSwqv0SJyFyGr6iQUq6ywglqQ
-rw-------   1 gcw   gcw        115 Sep 30 23:16 .8qCloukKPwg++IOroQHHmSHy5fH5itDnT_NH9xwKNeNZ1vInMeOtxA
drwx------   3 gcw   gcw          3 Sep 22 01:43 .9Th0_WkfvVPHcDm+Y0L4N8ff_rvUsT4v
lrwxr-xr-x   1 gcw   gcw         19 Sep 22 14:47 .9tbhy8xQr7Tk2erAnTFykl6LB7B1RBoJ -> rNsJaMjD+Eam_MZywLWBMTvIAw
drwxr-xr-x   3 gcw   gcw          3 Oct 16 22:04 .AYvbpavWh2WjDLdO2RjLl81Y0pGM6oOF
-rw-r--r--   1 gcw   gcw       1516 Sep 22 01:39 .AZXKwSKcSnTEJFd2f4e1JT_7LSwXeKcz3dXlJDuh5G0n84L55MKnRQ

comment:3 Changed 5 months ago by kris

  • Resolution set to wontfix
  • Status changed from new to closed

Ok, i checked into this and it looks like PEFS does *not* support auto-decryption via SSH. (The password doesn't get passed along to PAM)

If you want to use pefs / ssh, once you login use this command:
# pefs addkey -c /usr/home/<username>

Then enter your password and it'll decrypt the homedir.

Note: See TracTickets for help on using tickets.