also sprach Colin Watson <cjwatson@debian.org> [2003.01.16.1807 +0100]:
> Well, it is possible to have the key fingerprint logged; see the last
> message of #75043. However, that probably isn't what you want.

It would result in a hacked solution...

> I think you should use a forced command in authorized_keys. For example,
> I have one such file that contains this line:
>
> command="userv dyndns dyndns dynamic.greenend.org.uk riva",no-pty,no-port-forwarding 1024 35 145413580969648476044072749424723997577855609708600898296078782540051360757631277317814917027038279588528053774482503019012709429846592053864406645721891713477828254982531683029630103055847963503784826642231356729554071003805850344215815518908121062306905784894054069613278599523363884251674573384786501899737 cjwatson@arborlon

I am aware of this form but it

  (a) limits each key to only be usable to update one domain
  (b) forces me to do administration in the authorized_keys file, which
      I'd rather not.

> If you need security between users as well, then using userv as above
> may help. Give them each their own account, if necessary disabled except
> for a single authorized_keys entry with a forced command.

I don't really want to hand out that many accounts, and if it's just
because of naming and administrative issues...

Damnit, this is harder than I want it to be.

--
Please do not CC me! Mutt (www.mutt.org) can handle this automatically.
.''`. martin f. krafft <madduck@debian.org>
: :' : proud Debian developer, admin, and user
`. `'`
`- Debian - when you have better things to do than fixing a system
NOTE: The pgp.net keyservers and their mirrors are broken!
Get my key here: http://people.debian.org/~madduck/gpg/330c4a75.asc
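
An added example, not part of the original thread: a check that every entry in an authorized_keys file carries a forced command plus the no-pty and no-port-forwarding restrictions used in the quoted line. The sample entries are constructed, with key material shortened to placeholders; `restrict` is OpenSSH's newer catch-all option, which the thread does not mention, and is accepted here as an assumption about the target sshd.

```python
import re

# First field of an entry; whitespace is allowed only inside double quotes.
FIRST_FIELD = re.compile(r'((?:[^\s"]|"(?:\\"|[^"])*")+)\s+(.*)')
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\"|[^"])*)")?(?:,|$)')
# An entry without options starts with an SSH1 bit count or an SSH2 key type.
KEY_START = re.compile(r'(\d+|ssh-\S+|ecdsa-\S+|sk-\S+)$')
REQUIRED = ("no-pty", "no-port-forwarding")  # restrictions used in the thread

def parse_entry(line):
    """Return (options, key text) for one line, or None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    m = FIRST_FIELD.match(line)
    if m is None:
        raise ValueError("malformed entry: %r" % line[:40])
    first, rest = m.groups()
    if KEY_START.match(first):
        return {}, line                      # no options field at all
    opts, pos = {}, 0
    while pos < len(first):
        o = OPTION.match(first, pos)
        if o is None:
            raise ValueError("bad options field: %r" % first[:40])
        opts[o.group(1).lower()] = o.group(2)  # option names are case-insensitive
        pos = o.end()
    return opts, rest

def audit(text):
    """Return [(line number, last field of key, findings)] for weak entries."""
    report = []
    for n, line in enumerate(text.splitlines(), 1):
        entry = parse_entry(line)
        if entry is None:
            continue
        opts, key = entry
        findings = [] if opts.get("command") else ["no forced command"]
        if "restrict" not in opts:           # assumption: newer OpenSSH catch-all
            findings += ["missing " + r for r in REQUIRED if r not in opts]
        if findings:
            report.append((n, key.split()[-1], findings))
    return report

# Constructed sample; key material is shortened to placeholders.
SAMPLE = r'''# dyndns update keys
command="userv dyndns dyndns dynamic.greenend.org.uk riva",no-pty,no-port-forwarding 1024 35 1454135809 cjwatson@arborlon
1024 35 9876543210 alice@example
command="echo \"hi, there\"",no-pty ssh-rsa AAAAB3NzaPLACEHOLDER bob@example
'''
```

`audit(SAMPLE)` reports the unrestricted key on line 3 and the entry on line 4 that still allows port forwarding; the entry modelled on the quoted line passes.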