Ahh...now I understand. Let me re-state just to make sure I&#39;m clear on this.<br><br><br>HostA user1 key-v ----&gt;&nbsp;&nbsp; HostB SubvUserAcct : key-v &amp;&amp; key-p &amp;&amp; key-j<br>HostA user2 key-p ----&gt;&nbsp;&nbsp; HostB SubvUserAcct : key-v &amp;&amp; key-p &amp;&amp; key-j<br>
HostA user3 key-j ----&gt;&nbsp;&nbsp;&nbsp; HostB SubvUserAcct : key-v &amp;&amp; key-p &amp;&amp; key-j<br><br>Such that key-v/p/j are all in the same authorized hosts file?<br><br>In this case you will have to require that your users use the &quot;-C&quot; flag to add a comment to the key and put their email or id. You can then view the comments in the keys file and ident key &lt;--&gt; user<br>
<br>Hope that works out for you.<br><br>- Erich<br><br><div class="gmail_quote">On Mon, Mar 3, 2008 at 7:18 PM, Joey Prestia &lt;<a href="mailto:joey@linuxamd.com">joey@linuxamd.com</a>&gt; wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">Erich Newell wrote:<br>
&gt; I am confused.<br>
&gt;<br>
&gt; There should be a .ssh directory in each user&#39;s home dir. In that there<br>
&gt; would be an &quot;authorized_keys&quot; file for that user and possibly a<br>
&gt; known_hosts file as well if outbound connections are permitted from the<br>
&gt; user shell. Removing the user and his home directory then removes access.<br>
&gt;<br>
&gt; Does that answer your question or am I completely missing the point?<br>
&gt;<br>
&gt; Cheers.<br>
&gt;<br>
&gt; - Erich<br>
&gt;<br>
&gt; On Mon, Mar 3, 2008 at 10:32 AM, Joey Prestia &lt;<a href="mailto:joey@linuxamd.com">joey@linuxamd.com</a><br>
</div><div class="Ih2E3d">&gt; &lt;mailto:<a href="mailto:joey@linuxamd.com">joey@linuxamd.com</a>&gt;&gt; wrote:<br>
&gt;<br>
&gt; &nbsp; &nbsp; Anyone know of a way to have multiple ssh authorized_keys files for host<br>
&gt; &nbsp; &nbsp; key authentication for different users. I am familiar with the usual<br>
&gt; &nbsp; &nbsp; practice of echoing all of the users keys into authorized_keys file but<br>
&gt; &nbsp; &nbsp; I am thinking in terms of if I have to revoke keys and disable user<br>
&gt; &nbsp; &nbsp; access. What I would like to do is have a setup similar to apache in<br>
&gt; &nbsp; &nbsp; that it can have files included in the conf directory. So this way I<br>
&gt; &nbsp; &nbsp; have a user name or identifying indicator of whose key is whose so I can<br>
&gt; &nbsp; &nbsp; revoke access as the necessity arises.<br>
<br>
<br>
</div>What I am looking to do is use one user for subversion and give that<br>
user read and write access. But for security I want to use host keys and<br>
 &nbsp;have the ability to revoke any one user by being able to identify<br>
their host key and removing it. The current setup uses one user and adds<br>
the new persons host key to the authorized keys but I cant distinguish<br>
between who&#39;s host key is who&#39;s in order to terminate one users access.<br>
With apache you can specify to include conf files in the conf.d<br>
directory and remove any conf file will remove the special<br>
configuration. Well I would like to be able to do something similar with<br>
ssh host key access to subversion<br>
<font color="#888888"><br>
--<br>
</font><div><div></div><div class="Wj3C7c">Joey<br>
---------------------------------------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.plug.phoenix.az.us">PLUG-discuss@lists.plug.phoenix.az.us</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss" target="_blank">http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>&quot;A man is defined by the questions that he asks; and the way he goes about finding the answers to those questions is the way he goes through life.&quot;<br>