Re: Multiple authorized keys

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Joey Prestia
Date:  
To: Main PLUG discussion list
Subject: Re: Multiple authorized keys
Erich Newell wrote:
> I am confused.
>
> There should be a .ssh directory in each user's home dir. In that there
> would be an "authorized_keys" file for that user and possibly a
> known_hosts file as well if outbound connections are permitted from the
> user shell. Removing the user and his home directory then removes access.
>
> Does that answer your question or am I completely missing the point?
>
> Cheers.
>
> - Erich
>
> On Mon, Mar 3, 2008 at 10:32 AM, Joey Prestia <
> <mailto:joey@linuxamd.com>> wrote:
>
>     Anyone know of a way to have multiple ssh authorized_keys files for host
>     key authentication for different users. I am familiar with the usual
>     practice of echoing all of the users keys into authorized_keys file but
>     I am thinking in terms of if I have to revoke keys and disable user
>     access. What I would like to do is have a setup similar to apache in
>     that it can have files included in the conf directory. So this way I
>     have a user name or identifying indicator of whose key is whose so I can
>     revoke access as the necessity arises.



What I am looking to do is use one user for subversion and give that
user read and write access. But for security I want to use host keys and
have the ability to revoke any one user by being able to identify
their host key and removing it. The current setup uses one user and adds
the new persons host key to the authorized keys but I cant distinguish
between who's host key is who's in order to terminate one users access.
With apache you can specify to include conf files in the conf.d
directory and remove any conf file will remove the special
configuration. Well I would like to be able to do something similar with
ssh host key access to subversion

--
Joey
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss