predakanga | 4 years ago

> Also, once you've got per-user encryption on ~/.ssh/authorized_keys you'll need some other mechanism for users to log in.

OpenSSH supports this through the AuthorizedKeysFile directive - it'd be quite simple for the homedir mounting tool to sync that file from the user's authorized_keys file on unmount.

You could also use SSH certificates, but that requires a CA - not ideal for the home user.

aaronmdjones | 4 years ago

You can also store the file anywhere else, a la

    AuthorizedKeysFile /etc/ssh/authorized_keys/%u

(For example, /etc/ssh/authorized_keys/bob)
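
An added example, not code from either commenter or from OpenSSH: a sketch of the sync step predakanga describes, writing to the per-user path aaronmdjones shows. The function name `sync_authorized_keys`, the size limit and the unmount hook that would call it as root are assumptions.

```shell
#!/bin/sh
# Added example: publish a user's authorized_keys to the path sshd reads when
# sshd_config has:  AuthorizedKeysFile /etc/ssh/authorized_keys/%u
# Assumed to be run as root by a (hypothetical) homedir unmount hook.

MAX_BYTES=65536   # constructed limit, keeps one user from filling the directory

sync_authorized_keys() {
    user=$1; src=$2; dest_dir=$3

    # The username becomes a file name under dest_dir: reject path tricks.
    case $user in
        ''|.*|*/*) echo "bad username" >&2; return 2 ;;
    esac

    # Require a regular file owned by the user. find does not follow
    # symlinks, so a link is rejected instead of being copied by root.
    if [ -z "$(find "$src" -prune -type f -user "$user" 2>/dev/null)" ]; then
        echo "refusing $src: not a regular file owned by $user" >&2
        return 3
    fi

    size=$(wc -c < "$src") || return 4
    if [ "$size" -gt "$MAX_BYTES" ]; then
        echo "refusing $src: larger than $MAX_BYTES bytes" >&2
        return 4
    fi

    # Write to a temp file in the same directory, then rename, so sshd
    # never reads a half-written key file.
    tmp=$(mktemp "$dest_dir/.sync.XXXXXX") || return 5
    if ! cat "$src" > "$tmp"; then rm -f "$tmp"; return 5; fi
    # World-readable, because sshd opens the file with the user's privileges.
    chmod 644 "$tmp"
    # As root, keep the copy root-owned so the user cannot edit it in place.
    if [ "$(id -u)" -eq 0 ]; then chown 0:0 "$tmp"; fi
    mv -f "$tmp" "$dest_dir/$user"
}
```

The destination directory itself should be writable only by root, since sshd's `StrictModes` check also looks at the permissions of the directories leading to the key file.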