The problem arose some time after 2018-07-29 14:39:15 (+5:30) which is the last time when I updated the chroot!
The problem could not be with crouton since croutonversion gives 1-20180718130616.
So there is some change in buster packages since that date which is causing a problem. Since this is a "key error", perhaps one needs to check on ecryptfs?

This seems to be a recurrence of #3261.

Edit: Also see "Link user keychain to session keychain" #3246.

TL;DR Looks like su - in buster is the culprit.

It looks like the loss of permission comes with the last su - "$USERNAME" command in enter-chroot. If this is replaced with the (apparently) functionally equivalent sudo -i -u "$USERNAME" command, then the error disappears!

Further investigation is required as I have only checked this in a separate test chroot which has minimal packages installed.

Looking into /etc/pam.d/su-l we find:

#%PAM-1.0
auth		include		su
account		include		su
password	include		su
session		optional	pam_keyinit.so force revoke
session		include		su

The line revoking the keys is what causes the difficulties. This file was dropped there by util-linux which has now taken over su from coreutils in buster. Moreover, the ReleaseNotes (v2.22) for util-linux explains that /etc/pam.d/su-l is used when su - or su -l or su --login is used.

Edit: Added a bug report to util-linux so that this change is highlighted to avoid such problems.

Thanks @kapilhp, your suggestion in #3860 (comment) for changing su - into sudo -i -u fixed the problem for me, which affects Debian buster under the latest crouton release (at the time of this writing).

I've got the same problem, what's the fix?

thanks for the link, yup it works.

but the ssh deamon still have the key error ,how should i fix it ?

Is there a fix for this? @Asternitix you mention a link, but don't see one. Was it via PM? Can you share?

Not following the comment for using the command 'sudo -i -u' ...once in the chroot, instead of just sudo su? ....Tried that, and still have error.

(Also on buster)

it was a link to a comment on this thread. sunaku posted it

For the time being a solution is to edit /etc/pam.d/su-l and /etc/pam.d/runuser-l (within the chroot) and comment out the line:
session optional pam_keyinit.so force revoke
Note that this has some security implications, but they may not (or may!) be serious. Basically this allows the user access to all the keys that root has access to when the user does an su.

This is honestly not surprising coming from Ubuntu..

For the time being a solution is to edit /etc/pam.d/su-l and /etc/pam.d/runuser-l (within the chroot) and comment out the line:
session optional pam_keyinit.so force revoke
Note that this has some security implications, but they may not (or may!) be serious. Basically this allows the user access to all the keys that root has access to when the user does an su.

Thanks!

2020 calling, @sunaku the fix you linked to still works