SSH public key auth with encrypted drive

Hoping someone knows more about this than me. Running Ubuntu Server 18.04 with OpenSSH. I want to disable password auth, and just use public key. I have my key files generated, and the public key saved to:

~/.ssh/authorized_keys

The problem is, it only works if I’ve logged into the system locally beforehand. Otherwise, it says that no approved authentication method exists, and PuTTY exits. If I’ve logged in locally since the machine has booted, it works fine with the public key.

I suspect that the problem is that when I set up the machine (years ago) I set it up to run in RAID with encryption. I don’t recall if it’s full disk or just the home directory, and I’m not totally sure how to check. Anyways, my guess is that OpenSSH can’t actually read the public key because it’s encrypted, until I’ve logged in locally.

Does anyone have any idea on how to work around this securely? I don’t mind the public key not being encrypted, but I’m not sure if it’s possible to cache the keys with OpenSSH somewhere else? Or manually decrypt one folder?

As an aside, it’s amazing how powerful Linux is. I’ve been loving getting to know it through the command line, but another amazing thing is just how many problems it seems to generate. It’s crazy just how explicit you have to be when using it.

You can set a directory outside of the encrypted volume/directory to store your public key. You can set this in the /etc/ssh/ssh.conf file on the server.

Alternatively you could create a new user for ssh that doesn’t have an encrypted home folder.

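One way to carry out the first suggestion, as an added example that is not from either poster: copy the key file out of the encrypted home and point the OpenSSH server's `AuthorizedKeysFile` directive in `/etc/ssh/sshd_config` at the copy. The directory `/etc/ssh/authorized_keys` and the function names are assumptions; run it as root while the home directory is unlocked (after a local login).

```shell
#!/bin/sh
# Added example: relocate authorized_keys outside an encrypted home directory.
# The key directory and function names are assumptions, not OpenSSH defaults.

# Copy SRC to KEYDIR/USER with modes sshd's StrictModes check accepts:
# no group/world write on the file or on its parent directory.
stage_keys() {
    user=$1 src=$2 keydir=$3
    [ -s "$src" ] || { echo "no keys in $src" >&2; return 1; }
    mkdir -p "$keydir" && chmod 755 "$keydir" || return 1
    cp "$src" "$keydir/$user" && chmod 644 "$keydir/$user"
}

# Make KEYDIR/%u the effective AuthorizedKeysFile in CONF. sshd uses the first
# value it reads for a keyword, so the new line goes at the top (ahead of any
# Match block) and older active entries are commented out.
set_keys_path() {
    conf=$1 keydir=$2
    tmp=$(mktemp) || return 1
    {
        printf 'AuthorizedKeysFile %s/%%u .ssh/authorized_keys\n' "$keydir"
        awk 'tolower($1) == "authorizedkeysfile" { print "#" $0; next } { print }' "$conf"
    } > "$tmp" && cat "$tmp" > "$conf"   # cat keeps CONF's owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage (as root): sh relocate-keys.sh USERNAME
if [ "$#" -eq 1 ]; then
    user=$1 keydir=/etc/ssh/authorized_keys conf=/etc/ssh/sshd_config
    home=$(getent passwd "$user" | cut -d: -f6)
    stage_keys "$user" "$home/.ssh/authorized_keys" "$keydir" || exit 1
    cp -p "$conf" "$conf.bak" || exit 1
    set_keys_path "$conf" "$keydir" || exit 1
    # Validate before reloading; restore the backup if sshd rejects the file.
    if sshd -t -f "$conf"; then
        systemctl reload ssh
    else
        cp -p "$conf.bak" "$conf"
        exit 1
    fi
fi
```

Confirm a key login works straight after a reboot, before any local login, and only then set `PasswordAuthentication no`.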