Re: Restrict ssh logins
On Mon, 2006-06-26 at 16:50 -0400, Eric d'Alibut wrote:
> On 6/25/06, Lothar Braun <debian@lobraun.de> wrote:
>
> > You should define a global authorized_keys file then. Use
> > AuthorizedKeysFile in your /etc/ssh/sshd_conf to set the path to your
> > file.
>
> I note in the sshd_config man page that the AuthorizedKeysFile may
> make use of tokens ('%h') for things such as usernames, home dirs,
> etc. I can't seem to find an example of what, in practice, the syntax
> for such tokens is in that file. Does anyone have an example?
>
> tia as per usual,
Let's go:
Assume we have two users:
bob with home directory /home/bob/
alice with home directory /nfs-share/all-homes/alice/
-
If you put
AuthorizedKeysFile %h/.ssh/authorized_keys
in your sshd_config, sshd will look at /home/bob/.ssh/authorized_keys
and /nfs-share/all-homes/alice/.ssh/authorized_keys.
-
AuthorizedKeysFile %u/.ssh/authorized_keys
will make sshd look at /home/bob/.ssh/authorized_keys
and /home/alice/.ssh/authorized_keys (and it won't find the
authorized_keys file from alice, because /home/alice doesn't exist)
-
AuthorizedKeysFile /root/%%/authorized_keys
will make sshd look for a file named /root/%/authorized_keys. This means
that it will look for a directory named %.
Hth,
Lothar
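
The token expansion discussed in this thread, as an added example that is not part of the original post and not OpenSSH's own code: a small emulator for how an AuthorizedKeysFile pattern resolves per user, including the sshd_config(5) rule that a path which is not absolute after expansion is taken relative to the user's home directory. The two accounts are the ones from the post; the /etc/ssh/authorized_keys/%u pattern is a constructed example of a root-owned, per-user key location.

```python
# Added example: emulates AuthorizedKeysFile token expansion for %h, %u and %%.
import posixpath

# Accounts from the post above: user name -> home directory.
USERS = {
    "bob": "/home/bob",
    "alice": "/nfs-share/all-homes/alice",
}

def expand_authorized_keys(pattern: str, user: str, home: str) -> str:
    """Return the path sshd would check for `user`, given `pattern`."""
    tokens = {"h": home, "u": user, "%": "%"}
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch != "%":
            out.append(ch)
            i += 1
            continue
        if i + 1 >= len(pattern):
            raise ValueError("pattern ends with a lone '%'")
        key = pattern[i + 1]
        if key not in tokens:
            raise ValueError(f"token %{key} is not handled by this sketch")
        out.append(tokens[key])
        i += 2
    path = "".join(out)
    # After expansion, a non-absolute path is relative to the home directory.
    if not path.startswith("/"):
        path = posixpath.join(home, path)
    return path

def resolve_all(pattern: str) -> dict:
    """Resolve one pattern for every sample account."""
    return {u: expand_authorized_keys(pattern, u, h) for u, h in USERS.items()}

if __name__ == "__main__":
    patterns = (
        "%h/.ssh/authorized_keys",        # per-user file under the real home
        ".ssh/authorized_keys",           # relative: same result as above
        "/etc/ssh/authorized_keys/%u",    # constructed: admin-controlled location
        "/root/%%/authorized_keys",       # literal '%' directory
    )
    for pattern in patterns:
        for user, path in resolve_all(pattern).items():
            print(f"{pattern:32} {user:6} -> {path}")
```

Running a pattern through this before editing sshd_config shows whether the resolved file sits somewhere the user can write to, which is what decides whether users can add their own keys.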