I'm working on my new server installation. I'm installing to a hard drive connected to my laptop via a USB adapter. The intent is to move that drive to my server case once the install is complete and at a point where I can do a more or less seamless swap of drives. But, the laptop keyboard is annoying for long use, and the monitor is too small. So I did the core install and then enabled SSH. This way I can run a terminal window in the corner of my desktop and multi-task.
SSH to my account on the server works fine. But entering the password repeatedly is getting annoying, and I know I want to automatically mount some directories via SSHFS. So an SSH key makes sense. Password-less SSH sessions, yet still more or less secure. (If I lose the laptop, I just need to drop the key from my authorized_keys2 file.) So, seeing as I have set up a key for another server, I already have the public key file in place. I copy that to /home/sgrover/.ssh/authorized_keys2 on the server. Then I try to SSH to the server, AND... I'm prompted for a password. The whole idea was to get rid of the password prompt. Sighs.
After a bunch of searching, and making sure I did all the appropriate steps - including re-creating my key (which means I now need to fix access to my other servers) - it was still not working. It finally occurs to me that the /home/sgrover/.ssh/authorized_keys2 file is in the /home/sgrover directory, which is encrypted. The encryption process uses my password to decrypt the directory. So the SSH service (sshd) cannot read the authorized_keys2 file until after I have logged in. So it then falls back to a password prompt because keys are not working. DOH!
To prove this I tried a simple experiment. Dropped the user account, deleted the home directory, and then recreated the user and the home directory (with "useradd -m sgrover" as root on the server). Then I copied my public key file to the .ssh/authorized_keys2 file on the server. And finally, tried to SSH to the server again. No password prompt!!! WHOOO HOOOO!!!
So I proved to myself that SSH keys do not work with encrypted home directories. I'm sure there is a way to make this work, but it is not that important to me. In the hour or so it will take me to track down this detail, I'll have rebuilt the server without encryption. Technically I don't even need to do that, but I'm so early in the process of setting up this server that the 30 minutes to do a clean install isn't going to hurt me any.
I learned something new today. If I want encryption, use drive- or file-based encryption, not directory-based.