how to setup .ssh directory inside an encrypted volume on Mac OSX and still have public key logins?
- by Vitaly Kushner
I have my .ssh directory inside an encrypted sparse image.
i.e. ~/.ssh is a symlink to /Volumes/VolumeName/.ssh
The problem is that when I try to ssh into that machine using a public key I see the following error message in /var/log/secure.log:
Authentication refused: bad ownership or modes for directory /Volumes
Any way to solve this in a clean way?
Update:
The permissions on ~/.ssh and authorized_keys are right:
> ls -ld ~
drwxr-xr-x+ 77 vitaly staff 2618 Mar 16 08:22 /Users/vitaly/
> ls -l ~/.ssh
lrwxr-xr-x 1 vitaly staff 22 Mar 15 23:48 /Users/vitaly/.ssh@ -> /Volumes/Astrails/.ssh
> ls -ld /Volumes/Astrails/.ssh
drwx------ 3 vitaly staff 646 Mar 15 23:46 /Volumes/Astrails/.ssh/
> ls -ld /Volumes/Astrails/
drwx--x--x@ 18 vitaly staff 1360 Jan 12 22:05 /Volumes/Astrails//
> ls -ld /Volumes/
drwxrwxrwt@ 5 root admin 170 Mar 15 20:38 /Volumes//
error message sats the problem is with /Volumes, but I don't see the problem.
Yes it is o+w but it is also +t which should be ok but apparently isn't.
The problem is I can't change /Volumes permissions (or rather shouldn't) but I do want public key login to work.
First I thought of mounting the image on other place then /Volumes, but it is automaunted on login by standard OSX mounting. I asked about it here: How to change disk image's default mount directory on osx
The only answer I got is "you can't" ;)
I could hack my way around, by writing some shellscript that will manually mounting volume at a non-standard location but it would be a gross hack, I'm still looking for a cleaner way to do what I need.
