Re: Restrict ssh logins
On Mon, 2006-06-26 at 16:50 -0400, Eric d'Alibut wrote:
> On 6/25/06, Lothar Braun <firstname.lastname@example.org> wrote:
> > You should define a global authorized_keys file then. Use
> > AuthorizedKeysFile in your /etc/ssh/sshd_conf to set the path to your
> > file.
> I note in the sshd_config man page that the AuthorizedKeysFile may
> make use of tokens ('%h') for things such as usernames, home dirs,
> etc. I can't seem to find an example of what, in practice, the syntax
> for such tokens is in that file. Does anyone have an example?
> tia as per usual,
Assume we have two users:
bob with home directory /home/bob/
alice with home directory /nfs-share/all-homes/alice/
If you put
in your sshd_config, sshd will look at /home/bob/.ssh/authorized_keys
will make sshd look at /home/bob/.ssh/authorized_keys
and /home/alice/.ssh/authorized_keys (and it won't find the
authorized_keys file from alice, because /home/alice doesn't exist)
will make sshd look for a file named /root/%/authorized_keys. This means
that it will look for a directory named %.