Ahh...now I understand. Let me re-state just to make sure I'm clear on this. HostA user1 key-v ----> HostB SubvUserAcct : key-v && key-p && key-j HostA user2 key-p ----> HostB SubvUserAcct : key-v && key-p && key-j HostA user3 key-j ----> HostB SubvUserAcct : key-v && key-p && key-j Such that key-v/p/j are all in the same authorized hosts file? In this case you will have to require that your users use the "-C" flag to add a comment to the key and put their email or id. You can then view the comments in the keys file and ident key <--> user Hope that works out for you. - Erich On Mon, Mar 3, 2008 at 7:18 PM, Joey Prestia wrote: > Erich Newell wrote: > > I am confused. > > > > There should be a .ssh directory in each user's home dir. In that there > > would be an "authorized_keys" file for that user and possibly a > > known_hosts file as well if outbound connections are permitted from the > > user shell. Removing the user and his home directory then removes > access. > > > > Does that answer your question or am I completely missing the point? > > > > Cheers. > > > > - Erich > > > > On Mon, Mar 3, 2008 at 10:32 AM, Joey Prestia > > wrote: > > > > Anyone know of a way to have multiple ssh authorized_keys files for > host > > key authentication for different users. I am familiar with the usual > > practice of echoing all of the users keys into authorized_keys file > but > > I am thinking in terms of if I have to revoke keys and disable user > > access. What I would like to do is have a setup similar to apache in > > that it can have files included in the conf directory. So this way I > > have a user name or identifying indicator of whose key is whose so I > can > > revoke access as the necessity arises. > > > What I am looking to do is use one user for subversion and give that > user read and write access. But for security I want to use host keys and > have the ability to revoke any one user by being able to identify > their host key and removing it. The current setup uses one user and adds > the new persons host key to the authorized keys but I cant distinguish > between who's host key is who's in order to terminate one users access. > With apache you can specify to include conf files in the conf.d > directory and remove any conf file will remove the special > configuration. Well I would like to be able to do something similar with > ssh host key access to subversion > > -- > Joey > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > -- "A man is defined by the questions that he asks; and the way he goes about finding the answers to those questions is the way he goes through life."