BradleyA / docker-security-infrastructure

Automate generating, setting up, checking and copying site, host and user Docker TLS certificates; set up and manage dockerd configuration for Ubuntu 16.04 systemd and Ubuntu 14.04 Upstart; check ssh permissions.
MIT License

ssh/check-user-ssh.sh - check for additional authorized_keys when encrypted home directory #51

Open BradleyA opened 5 years ago

BradleyA commented 5 years ago

ssh supports additional locations for authorized_keys file in /etc/ssh/sshd_config (AuthorizedKeysFile). Use case: If you have an encrypted home directory, SSH cannot access your authorized_keys file because it is inside your encrypted home directory and won't be available until after you are authenticated. Therefore, SSH will default to password authentication.

To solve this, create a folder outside your home named /etc/ssh/<username> (replace "<username>" with your actual username). This directory should have 755 permissions and be owned by the user. Move the authorized_keys file into it. The authorized_keys file should have 644 permissions and be owned by the user.

Then edit your /etc/ssh/sshd_config and add:

AuthorizedKeysFile /etc/ssh/%u/authorized_keys

Need to add a check for other authorized_keys file locations in the /etc/ssh/sshd_config file.
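A check of the kind this comment asks for, as an added example that is not the project's check-user-ssh.sh: it reads AuthorizedKeysFile from an sshd_config, expands %u, %h and %% the way sshd does, and verifies the 755 directory / 644 file ownership and mode described above. It assumes GNU stat and does not evaluate Match blocks.

```shell
#!/bin/sh
# Added example (not the project's check-user-ssh.sh): resolve the
# AuthorizedKeysFile directive of an sshd_config, expand %u/%h/%% as
# sshd does, and audit owner and mode of each resulting key file and its
# parent directory. Assumes GNU stat; Match blocks are not evaluated.

# Print the (first) AuthorizedKeysFile value, or sshd's default when absent.
authorized_keys_patterns() {
    _v=$(sed -n 's/^[[:space:]]*[Aa]uthorized[Kk]eys[Ff]ile[[:space:]]\{1,\}//p' "$1" | head -n 1)
    if [ -n "$_v" ]; then printf '%s\n' "$_v"
    else printf '%s\n' '.ssh/authorized_keys .ssh/authorized_keys2'; fi
}

# Expand one pattern for user $2 with home $3; a relative path is
# taken relative to the home directory, as sshd does.
expand_keys_path() {
    _p=$(printf '%s' "$1" | sed -e 's|%%|__PCT__|g' -e "s|%h|$3|g" \
                                -e "s|%u|$2|g" -e 's|__PCT__|%|g')
    case "$_p" in
        /*) printf '%s\n' "$_p" ;;
        *)  printf '%s/%s\n' "$3" "$_p" ;;
    esac
}

# Return 0 when $1 is absent (no keys there) or is owned by $2 with mode
# 644 inside a directory owned by $2 with mode 755; print the reason otherwise.
check_keys_file() {
    _f=$1; _u=$2; _d=$(dirname "$_f")
    [ -e "$_f" ] || { echo "NONE     $_f"; return 0; }
    set -- $(stat -c '%U %a' "$_f") $(stat -c '%U %a' "$_d")
    [ "$1" = "$_u" ] && [ "$2" = 644 ] || { echo "BAD FILE $_f ($1 $2)"; return 1; }
    [ "$3" = "$_u" ] && [ "$4" = 755 ] || { echo "BAD DIR  $_d ($3 $4)"; return 1; }
    echo "OK       $_f"
}

# Audit every location sshd would consult for user $2 (home $3) per config $1.
audit_authorized_keys() {
    _rc=0
    for _pat in $(authorized_keys_patterns "$1"); do
        _path=$(expand_keys_path "$_pat" "$2" "$3")
        case "$_path" in "$3"/*) ;; *) echo "NOTE     $_path is outside $3" ;; esac
        check_keys_file "$_path" "$2" || _rc=1
    done
    return $_rc
}

if [ $# -eq 3 ]; then audit_authorized_keys "$1" "$2" "$3"; fi
```

Run it as `sh check-keys.sh /etc/ssh/sshd_config <user> <home>`; a non-zero exit means at least one resolved key file or its directory has the wrong owner or mode.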

BradleyA commented 5 years ago

The release announcement for version 3 states that authorized_keys2 is deprecated and all keys should be put in the authorized_keys file. https://marc.info/?l=openssh-unix-dev&m=100508718416162&w=2