by michaelmrose 2463 days ago
I read that you would have to physically log into your machine in order to mount home, but ssh login, including via public key auth, would work thereafter.

Public key ssh login at a machine you hadn't sat down and logged in would fail in the same fashion as one would expect if the home partition was absent.

This would seem to be passable in many cases right up until you have to reboot the machine for some reason and it's no longer possible to log in.

There is good reason to prefer a public key vs password. Pubkey auth means you aren't entering anything over the wire that can be intercepted and nobody can guess or use your password if they knew it to access your local system.

For example, someone who shoulder surfed your password couldn't gain the ability to log into your machine from across town.

If they shoulder surfed your passphrase/password and then stole your physical machine, they would of course have everything they needed in a typical configuration, even with encryption. You could of course go further and require a keyfile AND a passphrase and hope it is harder to, say, steal a small USB device on your keychain and your computer than just your computer.

At this point it really looks like you are defending against a targeted attack on your data rather than simple theft.