Bug#560148: multiple AuthorizedKeysFiles
[ Please note that mails to $bug@bugs.debian.org are not sent to the
[ submitter, please also add $bug-submitter@bugs.debian.org to the
[ recipients.
On Wed, Dec 09, 2009 at 02:11:31PM -0500, Daniel Kahn Gillmor wrote:
> AuthorizedKeysFile currently is not supported by the Match keyword. If
> this feature of multiple AuthorizedKeysFile entries was supported, it
> would be ambiguous for use within a Match block (e.g. would a new
> AuthorizedKeysFile within a Match be a replacement for the generic
> AuthorizedKeysFile, or would it be in addition to?).
This bug is actually written with my second variant in use. The first
one used a _list_ of entries in AuthorizedKeysFile to make that not
ambiguous. This however would need another metacharacter to split the
entries.
> Martin Krafft's proposal for an authorized_keys directory [1] would
> permit system configuration of the type Bastian is proposing through the
> use of symlinks like this:
> mkdir /etc/ssh/authorized_keys/user17
> ln -s ~user17/.ssh/authorized_keys /etc/ssh/authorized_keys/user17/
The core problem includes two such directories. One machine specific in
/etc/ssh and one network specific somewhere else with several hundred
users.
Bastian
--
Is truth not truth for all?
-- Natira, "For the World is Hollow and I have Touched
the Sky", stardate 5476.4.
Reply to: