regarding the patch to support multiple authorizedkeysfile configuration choices for sshd [0]: AuthorizedKeysFile currently is not supported by the Match keyword. If this feature of multiple AuthorizedKeysFile entries was supported, it would be ambiguous for use within a Match block (e.g. would a new AuthorizedKeysFile within a Match be a replacement for the generic AuthorizedKeysFile, or would it be in addition to?). Martin Krafft's proposal for an authorized_keys directory [1] would permit system configuration of the type Bastian is proposing through the use of symlinks like this: mkdir /etc/ssh/authorized_keys/user17 ln -s ~user17/.ssh/authorized_keys /etc/ssh/authorized_keys/user17/ and set: AuthorizedKeysFile /etc/ssh/authorized_keys/%u This would allow future inclusion of AuthorizedKeysFile in a Match block (as an unambiguous override of other settings). --dkg [0] http://bugs.debian.org/560148 [1] http://bugs.debian.org/481251
Attachment:
signature.asc
Description: OpenPGP digital signature