Hi,
I have just encrypted the /home partition on one machine. It is then mounted automatically via PAM at login.
I followed http://de.opensuse.org/Verschl%C3%BCsselung_mit_LUKS
How do I now get this to work via ssh as well?
Code:
/etc/pam.d/sshd
#%PAM-1.0
auth requisite pam_nologin.so
auth include common-auth
account include common-account
password include common-password
session required pam_loginuid.so
session include common-session
auth optional pam_mount.so
session optional pam_mount.so
UsePAM yes is active in sshd_config, in any case.
Code:
S | Name | Typ | Version | Arch | Repository
--+-------------------+-------+--------------+--------+----------------------------------
i | pam | Paket | 1.1.0-3.2 | i586 | openSUSE-11.2-Oss
i | pam-config | Paket | 0.72-2.2 | i586 | openSUSE-11.2-Oss
i | pam-modules | Paket | 11.2-4.2.1 | i586 | openSUSE-11.2-Update
i | pam-modules | Patch | 1633 | noarch | openSUSE-11.2-Update
i | pam_mount | Paket | 2.3-0 | i586 | http://jftp.medozas.de/SUSE-11.2/
i | pam_mount | Patch | 1794 | noarch | openSUSE-11.2-Update
i | pam_mount | Patch | 1580 | noarch | openSUSE-11.2-Update
i | pam_ssh | Paket | 1.97-3.1 | i586 | openSUSE-11.2-Oss
Linux northwood 2.6.33.5-jng105-rt #1 SMP PREEMPT RT 2010-05-31 16:36:58 +0200 i686 i686 i386 GNU/Linux
Messages from sshd:
Code:
2010-06-10T21:14:15.617551+02:00 northwood sshd[4296]: pam_mount(pam_mount.c:364): pam_mount 2.3: entering auth stage
2010-06-10T21:14:15.623142+02:00 northwood sshd[4292]: Accepted keyboard-interactive/pam for XXXX from 123.456.789.000 port 12345 ssh2
2010-06-10T21:14:15.626719+02:00 northwood sshd[4292]: pam_mount(pam_mount.c:553): pam_mount 2.3: entering session stage
2010-06-10T21:14:15.627202+02:00 northwood sshd[4292]: pam_mount(pam_mount.c:172): conv->conv(...): Conversation error
2010-06-10T21:14:15.627260+02:00 northwood sshd[4292]: pam_mount(pam_mount.c:476): warning: could not obtain password interactively either
2010-06-10T21:14:15.627283+02:00 northwood sshd[4292]: pam_mount(misc.c:38): Session open: (uid=0, euid=0, gid=0, egid=0)
2010-06-10T21:14:15.627522+02:00 northwood sshd[4292]: pam_mount(mount.c:196): Mount info: globalconf, user=XXXX <volume fstype="crypt" server="(null)" path="/dev/disk/by-id/ata-WDC_WD800BB-32FJA0_WD-WCAJ91265626-part1" mountpoint="/home" cipher="(null)" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="" /> fstab=0
2010-06-10T21:14:15.627939+02:00 northwood sshd[4292]: command: 'mount.crypt' '/dev/disk/by-id/ata-WDC_WD800BB-32FJA0_WD-WCAJ91265626-part1' '/home'
2010-06-10T21:14:15.628998+02:00 northwood sshd[4298]: pam_mount(misc.c:38): set_myuid<pre>: (uid=0, euid=0, gid=0, egid=0)
2010-06-10T21:14:15.629058+02:00 northwood sshd[4298]: pam_mount(misc.c:38): set_myuid<post>: (uid=0, euid=0, gid=0, egid=0)
2010-06-10T21:14:16.930993+02:00 northwood sshd[4292]: pam_mount(mount.c:64): Errors from underlying mount program:
2010-06-10T21:14:16.931242+02:00 northwood sshd[4292]: pam_mount(mount.c:68): crypt_activate_by_passphrase: Operation not permitted
2010-06-10T21:14:16.934547+02:00 northwood sshd[4292]: pam_mount(pam_mount.c:521): mount of /dev/disk/by-id/ata-WDC_WD800BB-32FJA0_WD-WCAJ91265626-part1 failed
2010-06-10T21:14:16.934603+02:00 northwood sshd[4292]: pam_mount(pam_mount.c:172): conv->conv(...): Conversation error
2010-06-10T21:14:16.934625+02:00 northwood sshd[4292]: pam_mount(pam_mount.c:476): warning: could not obtain password interactively either
2010-06-10T21:14:16.934662+02:00 northwood sshd[4292]: command: 'pmvarrun' '-u' 'XXXX' '-o' '1'
2010-06-10T21:14:16.935737+02:00 northwood sshd[4330]: pam_mount(misc.c:38): set_myuid<pre>: (uid=0, euid=0, gid=0, egid=0)
2010-06-10T21:14:16.935788+02:00 northwood sshd[4330]: pam_mount(misc.c:38): set_myuid<post>: (uid=0, euid=0, gid=0, egid=0)
2010-06-10T21:14:16.938232+02:00 northwood sshd[4292]: pam_mount(pam_mount.c:440): pmvarrun says login count is 1
2010-06-10T21:14:16.938292+02:00 northwood sshd[4292]: pam_mount(pam_mount.c:643): done opening session (ret=0)
Where can I start looking?