Ahh...now I understand. Let me re-state just to make sure I'm clear on this.
HostA user1 key-v ----> HostB SubvUserAcct : key-v && key-p && key-j
HostA user2 key-p ----> HostB SubvUserAcct : key-v && key-p && key-j
HostA user3 key-j ----> HostB SubvUserAcct : key-v && key-p && key-j
Such that key-v/p/j are all in the same authorized hosts file?
In this case you will have to require that your users use the "-C" flag to add a comment to the key and put their email or id. You can then view the comments in the keys file and ident key <--> user
Hope that works out for you.
- Erich
Erich Newell wrote:
> I am confused.
>
> There should be a .ssh directory in each user's home dir. In that there
> would be an "authorized_keys" file for that user and possibly a
> known_hosts file as well if outbound connections are permitted from the
> user shell. Removing the user and his home directory then removes access.
>
> Does that answer your question or am I completely missing the point?
>
> Cheers.
>
> - Erich
>
> On Mon, Mar 3, 2008 at 10:32 AM, Joey Prestia <joey@linuxamd.com
> <mailto:joey@linuxamd.com>> wrote:What I am looking to do is use one user for subversion and give that
>
> Anyone know of a way to have multiple ssh authorized_keys files for host
> key authentication for different users. I am familiar with the usual
> practice of echoing all of the users keys into authorized_keys file but
> I am thinking in terms of if I have to revoke keys and disable user
> access. What I would like to do is have a setup similar to apache in
> that it can have files included in the conf directory. So this way I
> have a user name or identifying indicator of whose key is whose so I can
> revoke access as the necessity arises.
user read and write access. But for security I want to use host keys and
have the ability to revoke any one user by being able to identify
their host key and removing it. The current setup uses one user and adds
the new persons host key to the authorized keys but I cant distinguish
between who's host key is who's in order to terminate one users access.
With apache you can specify to include conf files in the conf.d
directory and remove any conf file will remove the special
configuration. Well I would like to be able to do something similar with
ssh host key access to subversion
--
Joey
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss