Remote login with encrypted /home

When I moved to Tumbleweed, I encrypted the whole /home partition with the installer. I have a one-user system.
When I was in urgent need of a document stored on my home PC, I connected to my home network via a tunnel and booted it with wakeonlan. But I couldn’t log in to the system, for sure.
With encrypted /home the system does not even start the ssh daemon (I couldn’t find an open port with nmap).
Although it’s not common practice, what should I do to have a reliable way of logging in to the working system?

I am not sure what happened, but sshd has no connection with anything inside /home (it being a separate file system or not, it being encrypted or not). It is a pure system functionality. Thus when no process is listening on the port and you think it should, something different is incorrect.

Of course, when user xxx then tries to log in, access to xxx’s home directory is needed.

It isn’t clear what you are doing here.

If “/home” is encrypted, then presumably it asks for the encryption key during boot. And if you cannot provide that, it may not fully boot.

Possibly, you could add “nofail” to the options in “/etc/fstab” for this file system. That might allow the system to boot up without “/home”. Note that I have not experimented with this.

If that works, then you have an additional problem if you are using public key authentication. But there’s an option in “sshd_config” for that. You can define “AuthorizedKeysFile” so that it looks somewhere outside of “/home” to find the public keys that it will accept.

Another possibility – give up on “/home” encryption. Instead, use “ecryptfs” and set up an “ecryptfs” encrypted home directory. That way the system will boot normally, and the encrypted home directory will be decrypted with login – assuming that you use a password to login.
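The settings discussed in the reply above can be checked before relying on a remote boot. The following read-only audit is an added example, not code from the thread: it also looks at the `nofail`/`noauto` options of `/etc/crypttab`, which the thread does not mention, and the mapper name `cr_home` and the key path `/etc/ssh/authorized_keys/%u` are constructed sample values.

```shell
#!/bin/sh
# Added example: read-only audit of whether a host can finish booting and accept
# SSH key logins while an encrypted /home is still locked.
# The sample file contents in demo() are constructed, not taken from the thread.

has_opt() {  # has_opt "opt1,opt2" name -> success if name is in the comma list
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

audit_home_boot() {  # usage: audit_home_boot FSTAB CRYPTTAB SSHD_CONFIG
    fstab=$1 crypttab=$2 sshd=$3
    # fstab fields: device mountpoint fstype options dump pass
    set -- $(awk '$1 !~ /^#/ && $2 == "/home" {print $1, $4; exit}' "$fstab")
    dev=$1 opts=$2
    [ -n "$dev" ] || { echo "fstab: no separate /home entry"; return 0; }
    has_opt "$opts" nofail && echo "fstab: OK nofail" || echo "fstab: MISSING nofail"
    # crypttab fields: name device keyfile options
    name=${dev#/dev/mapper/}
    copts=$(awk -v n="$name" '$1 == n {print ($4 == "" ? "none" : $4); exit}' "$crypttab")
    if [ -z "$copts" ]; then echo "crypttab: no entry for $name"
    elif has_opt "$copts" nofail || has_opt "$copts" noauto; then echo "crypttab: OK"
    else echo "crypttab: MISSING nofail"; fi
    # sshd's default is .ssh/authorized_keys, which is relative to the home directory
    keys=$(awk 'tolower($1) == "authorizedkeysfile" {print $2; exit}' "$sshd")
    case ${keys:-.ssh/authorized_keys} in
        /home/*|%h*|[!/]*) echo "sshd: keys under /home" ;;
        *) echo "sshd: OK keys at $keys" ;;
    esac
}

demo() {  # writes constructed sample files to a temp dir and audits them
    d=$(mktemp -d)
    echo '/dev/mapper/cr_home /home ext4 defaults,nofail 0 2' > "$d/fstab"
    echo 'cr_home UUID=0000-constructed none' > "$d/crypttab"
    echo 'AuthorizedKeysFile /etc/ssh/authorized_keys/%u' > "$d/sshd_config"
    audit_home_boot "$d/fstab" "$d/crypttab" "$d/sshd_config"
    rm -rf "$d"
}

demo
```

On a real host the call would be `audit_home_boot /etc/fstab /etc/crypttab /etc/ssh/sshd_config`; in the sample, the crypttab line is the one that still blocks an unattended boot.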

Oh yes, sorry. I forgot that the system probably will not boot at all when it cannot use /home.
And then it will of course not listen on any port. :(

The nofail option didn’t help. The system doesn’t even receive an IP address from the DHCP server according to my router info.
Fstab options in YaST have “Mountable by user” and “Do not mount on system Start-up” options. Will I screw everything up if I try them?

The “Do not mount on system Start-up” results in the “noauto” option. You could add that to the “nofail”, but I doubt it will help in your case.

The “Mountable by user” will result in the “user” option, which means that the file system may be mounted by any user that runs the mount command (instead of allowing root only). It will not help you.

I think that looking at what happens at boot may help in understanding where things break. Hitting the Esc key during boot (of course starting it with the WOL, but sitting in front of it to look at what happens). And afterwards maybe the log could help, e.g.:

dmesg

Are you using wicked or NetworkManager? Are you using LAN or WiFi? Are you using user or system connections in case of NetworkManager?

It is impossible to give any useful reply when the only information you provide is “nothing works”.

I’m using LAN with wicked.