Multiple authorized keys

Erich Newell erich.newell at gmail.com
Mon Mar 3 19:53:24 MST 2008


Ahh...now I understand. Let me re-state just to make sure I'm clear on this.


HostA user1 key-v ---->   HostB SubvUserAcct : key-v && key-p && key-j
HostA user2 key-p ---->   HostB SubvUserAcct : key-v && key-p && key-j
HostA user3 key-j ---->   HostB SubvUserAcct : key-v && key-p && key-j

Such that key-v/p/j are all in the same authorized hosts file?

In this case you will have to require that your users use the "-C" flag to
add a comment to the key and put their email or id. You can then view the
comments in the keys file and identify key <--> user.

Hope that works out for you.

- Erich

On Mon, Mar 3, 2008 at 7:18 PM, Joey Prestia <joey at linuxamd.com> wrote:

> Erich Newell wrote:
> > I am confused.
> >
> > There should be a .ssh directory in each user's home dir. In that there
> > would be an "authorized_keys" file for that user and possibly a
> > known_hosts file as well if outbound connections are permitted from the
> > user shell. Removing the user and his home directory then removes access.
> >
> > Does that answer your question or am I completely missing the point?
> >
> > Cheers.
> >
> > - Erich
> >
> > On Mon, Mar 3, 2008 at 10:32 AM, Joey Prestia <joey at linuxamd.com> wrote:
> >
> >     Anyone know of a way to have multiple ssh authorized_keys files for
> >     host key authentication for different users? I am familiar with the
> >     usual practice of echoing all of the users' keys into the
> >     authorized_keys file, but I am thinking in terms of if I have to
> >     revoke keys and disable user access. What I would like to do is have
> >     a setup similar to apache in that it can have files included in the
> >     conf directory. So this way I have a user name or identifying
> >     indicator of whose key is whose so I can revoke access as the
> >     necessity arises.
>
>
> What I am looking to do is use one user for subversion and give that
> user read and write access. But for security I want to use host keys and
> have the ability to revoke any one user by being able to identify
> their host key and removing it. The current setup uses one user and adds
> the new person's host key to the authorized keys, but I can't distinguish
> between whose host key is whose in order to terminate one user's access.
> With apache you can specify to include conf files in the conf.d
> directory, and removing any conf file will remove the special
> configuration. Well, I would like to be able to do something similar with
> ssh host key access to subversion.
>
> --
> Joey



-- 
"A man is defined by the questions that he asks; and the way he goes about
finding the answers to those questions is the way he goes through life."
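
An added example, not part of the original thread: shell functions that list the comment on each key in a shared authorized_keys file and remove the entries carrying one comment, which is the bookkeeping the "-C" advice above makes possible. The function names, the sample comments and the placeholder key blobs are assumptions.

```shell
# Added example: identify and revoke keys in a shared authorized_keys file
# by the comment each user set with `ssh-keygen -C`.

# Shared awk helper: locate the key-type field so entries that begin with
# options (command="...",no-pty) parse too; the comment follows the key blob.
PARSE='
function comment_of(   i, j, c) {
    for (i = 1; i <= NF; i++)
        if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp[0-9]+)$/) {
            c = ""
            for (j = i + 2; j <= NF; j++) c = c (c == "" ? "" : " ") $j
            return c
        }
    return ""
}'

# Print "line<TAB>comment" for every key entry, flagging unlabeled keys.
list_keys() {
    awk "$PARSE"'
    /^[ \t]*(#|$)/ { next }
    { c = comment_of(); printf "%d\t%s\n", NR, (c == "" ? "(no comment)" : c) }
    ' "$1"
}

# Remove entries whose comment equals $2. Returns 2 for an empty comment
# (it would match every unlabeled key) and 3 if nothing matched.
revoke_key() {
    file=$1; who=$2; rc=0
    [ -n "$who" ] || return 2
    tmp=$(mktemp "$file.XXXXXX") || return 1
    awk -v who="$who" "$PARSE"'
    /^[ \t]*(#|$)/ { print; next }
    comment_of() == who { removed++; next }
    { print }
    END { exit (removed ? 0 : 3) }
    ' "$file" > "$tmp" || rc=$?
    if [ "$rc" -ne 0 ]; then rm -f "$tmp"; return "$rc"; fi
    cp -p "$file" "$file.bak" && mv "$tmp" "$file"   # keep a backup, then swap
}

# Constructed sample file (placeholder key blobs, not real keys).
make_sample() {
    cat > "$1" <<'EOF'
# SubvUserAcct authorized_keys (constructed sample)
ssh-rsa AAAAB3NzaC1yc2E-placeholder-v user1@HostA
command="svnserve -t",no-pty ssh-rsa AAAAB3NzaC1yc2E-placeholder-p user2@HostA
ssh-dss AAAAB3NzaC1kc3M-placeholder-j
EOF
}
```

The third sample entry has no comment, so list_keys reports it as unlabeled; such a key cannot be tied to a person and has to be re-collected with a comment before it can be revoked individually.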