• VirtulBox: 6.0
  • Host: Arch Linux
  • Guest: Ubuntu 16.04.5 LTS
  • SSH server: OpenSSH_7.2p2

I configure Port Frowarding: guest 22 -> host localhost:2022. Authentication method only is "publickey".

When I start my VM I can connect as root but not local user:

  • ssh -p 2022 root@localhost -> success
  • ssh -p 2022 user@localhost -> user@localhost: Permission denied (publickey).

If I login in VM's window ssh for user will be allowed. But if I logout in VM's window new ssh connection for user will be denied.

How allow connections for user after start VM (without local login in window)?

Probably the user's home directory along with ~/.ssh/authorized_keys is encrypted; locally logged user makes it readable.

There is this question on Unix & Linux SE: Can't do SSH public key login under encrypted home. From there:

In the ssh_config file, you can can change the location of where it looks for your private key. You could probably do something like make a new folder at /etc/ssh/keys/ and put your id_rsa private key file in there and then change the IdentityFile option in ssh_config to look in the new location. In doing so you'll want to take certain measures to secure your private key.

This is assuming you're the only user of the computer. If not, you can make folders like /etc/ssh/keys/john/ and /etc/ssh/keys/dogbert/ and then in the IdentityFile option put /etc/ssh/keys/%u/id_rsa

But also:

But if your encryption techinque uses your password as a key to decrypt everything you will still have to type it in to get everything decrypted.

So a true passwordless login will not work here (unless you want to store your password somewhere in cleartext to be automatically fed to the decryption process, but this is even more unsecure then not encrypting at all).


Ubuntu uses ecryptfs to mount an encrypted partition on login time (so when you supply your password) […]. [After you login via SSH without the password] you will not have your home folder unencrypted automatically. To mount it unencrypted you will have to enter this on every login:


Which will ask you for your login password again.

