Ssh – how to automatically mount ~/Private using ecryptfs when logging in via ssh pubkey

debian, ecryptfs, ssh, ssh-keys

Rationale: I want to be able to automatically make backups to a remote machine, which will be encrypted with ecryptfs.

The title says it all:

I set up ecryptfs-utils on my Debian Squeeze box, and set up one user to use it via ecryptfs-setup-private. When I log in via SSH using password authentication, the ~/Private directory automatically gets mounted.

How can I achieve that ~/Private also automatically gets mounted when logging in via SSH using public key authentication? Obviously, the best solution would be if ecryptfs could somehow 'use' the SSH public key to en/decrypt the data (I know that then using the user's password would not be able to en/decrypt the data any more; this would be acceptable). Probably, this will not work. So perhaps somehow call ecryptfs-mount-private via ssh before logging in via public key? Probably, then I would need to somehow pipe the passphrase through the SSH connection, right? So I would need to store it on the source machine's file system. Not nice either.
Any other ideas?

Best Answer

You will have to either store the password to disk, or provide it when SSH'ing. There is no other reliable way.

(sshd does not know your private key, it can only ask the client for proof that you have it.)