Multiple authorized keys
Erich Newell
erich.newell at gmail.com
Mon Mar 3 19:53:24 MST 2008
Ahh...now I understand. Let me re-state just to make sure I'm clear on this.
HostA user1 key-v ----> HostB SubvUserAcct : key-v && key-p && key-j
HostA user2 key-p ----> HostB SubvUserAcct : key-v && key-p && key-j
HostA user3 key-j ----> HostB SubvUserAcct : key-v && key-p && key-j
Such that key-v/p/j are all in the same authorized hosts file?
In this case you will have to require that your users use the "-C" flag to
add a comment to the key and put their email or id. You can then view the
comments in the keys file and ident key <--> user.
Hope that works out for you.
- Erich
On Mon, Mar 3, 2008 at 7:18 PM, Joey Prestia <joey at linuxamd.com> wrote:
> Erich Newell wrote:
> > I am confused.
> >
> > There should be a .ssh directory in each user's home dir. In that there
> > would be an "authorized_keys" file for that user and possibly a
> > known_hosts file as well if outbound connections are permitted from the
> > user shell. Removing the user and his home directory then removes access.
> >
> > Does that answer your question or am I completely missing the point?
> >
> > Cheers.
> >
> > - Erich
> >
> > On Mon, Mar 3, 2008 at 10:32 AM, Joey Prestia <joey at linuxamd.com> wrote:
> >
> > > Anyone know of a way to have multiple ssh authorized_keys files for host
> > > key authentication for different users? I am familiar with the usual
> > > practice of echoing all of the users' keys into authorized_keys file but
> > > I am thinking in terms of if I have to revoke keys and disable user
> > > access. What I would like to do is have a setup similar to apache in
> > > that it can have files included in the conf directory. So this way I
> > > have a user name or identifying indicator of whose key is whose so I can
> > > revoke access as the necessity arises.
>
>
> What I am looking to do is use one user for subversion and give that
> user read and write access. But for security I want to use host keys and
> have the ability to revoke any one user by being able to identify
> their host key and removing it. The current setup uses one user and adds
> the new person's host key to the authorized keys but I can't distinguish
> between whose host key is whose in order to terminate one user's access.
> With apache you can specify to include conf files in the conf.d
> directory and removing any conf file will remove the special
> configuration. Well, I would like to be able to do something similar with
> ssh host key access to subversion.
>
> --
> Joey
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
--
"A man is defined by the questions that he asks; and the way he goes about
finding the answers to those questions is the way he goes through life."
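
Added example, not part of the original thread: a small Python audit of a shared account's authorized_keys file that maps each key to its comment, flags keys with no comment, and revokes one user's key by comment. The comments (`user1@HostA` etc.), the key blobs and the options field in the sample are constructed for illustration.

```python
import base64, hashlib, re

# Key-type names that can start an entry; any other first token is an options field,
# which is comma-separated and may hold spaces inside double-quoted values.
KEYTYPE = re.compile(r'ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-[\w@.-]+')
OPTIONS = re.compile(r'(?:[^\s"]|"(?:\\.|[^"\\])*")+')

def parse_line(line):
    """Return (options, keytype, fingerprint, comment), or None if not a key entry."""
    line = line.strip()
    if not line or line.startswith('#'):
        return None
    m = None if KEYTYPE.fullmatch(line.split(None, 1)[0]) else OPTIONS.match(line)
    options = m.group(0) if m else ''
    parts = line[len(options):].split(None, 2)
    if len(parts) < 2 or not KEYTYPE.fullmatch(parts[0]):
        return None
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError:
        return None
    # Same form ssh-keygen -l prints: unpadded base64 of SHA-256 over the key blob.
    fp = 'SHA256:' + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip('=')
    return options, parts[0], fp, parts[2] if len(parts) > 2 else ''

def unlabelled(text):
    """Fingerprints of keys with no comment, i.e. keys nobody can attribute to a user."""
    entries = filter(None, map(parse_line, text.splitlines()))
    return [fp for _, _, fp, comment in entries if not comment]

def revoke(text, who):
    """Drop every key whose comment equals `who`; all other lines are kept verbatim."""
    kept, removed = [], []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry and entry[3] == who:
            removed.append(entry[2])
        else:
            kept.append(line)
    return '\n'.join(kept) + '\n', removed

def fake_blob(tag):  # constructed stand-in for real key material
    return base64.b64encode(tag.encode()).decode()

SAMPLE = (  # constructed: the shared Subversion account's file with key-v, key-p, key-j
    f'ssh-rsa {fake_blob("key-v")} user1@HostA\n'
    f'no-pty,command="svnserve -t" ssh-rsa {fake_blob("key-p")} user2@HostA\n'
    f'ssh-ed25519 {fake_blob("key-j")}\n'  # comment lost when the key was pasted in
)
```

`revoke()` returns the new file contents together with the fingerprints it removed, so the removal can be logged before the file is rewritten.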