Multiple authorized_keys2 files or how to achieve same effect.

From: Jeremy Eder (jeder_at_invision.net)
Date: 09/01/05

  • Next message: Guillaume Vissian: "Re: Multiple authorized_keys2 files or how to achieve same effect."
    Date: Thu, 1 Sep 2005 10:49:02 -0400
    To: <secureshell@securityfocus.com>
    
    

    My situation: multiple admins needing root on hundreds of boxes.

    Currently: using pubkeyauth on OpenSSH (mostly BSD, but Linux and
    Solaris too)

    Goal: ease add/remove of credentials from machines (one-off or globally
    in our network)

    Each server may have a completely different (and still valid) list of
    users in the authkeys2 file.

    Instead of getting messy with sed/cat/grep... I began to research if it
    was possible to have multiple authorized_keys2 files, or at least be
    able to put directives to separate public key files in the global
    authorized_keys2. This would make the management of my setup much
    easier...

    Something like...

    AuthorizedKeysFile .ssh/authorized_keys2
    AuthorizedKeysFile .ssh/user1
    AuthorizedKeysFile /ssh/user2

    Etc etc...

    Then I can control access to the box simply by creating or deleting that
    file and one line in the conf.

    Am I looking in the right direction? I haven't yet discovered a way to
    do this under OpenSSH; however, .ssh/authorization under ssh2 seems to
    provide the exact feature I am thinking of. Not an option...

    Is this possible? Is there some other practice that is more accepted
    that I'm not aware of?

    Thanks for your help.
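
One way to get the create-or-delete-a-file workflow asked about in the message above, added here as an example and not part of the original post: keep one key file per admin and regenerate a single authorized keys file from them. The directory layout, the `build_authorized_keys` helper name and the sample keys are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed layout: one "<admin>.pub"
# file per admin in KEYS_DIR; build_authorized_keys is a hypothetical helper.

# build_authorized_keys KEYS_DIR OUT_FILE
# Returns 1 and leaves OUT_FILE untouched if any line is not a bare public key.
build_authorized_keys() {
    keys_dir=$1
    out_file=$2
    # Temp file beside the target so the final rename is atomic.
    tmp=$(mktemp "${out_file}.XXXXXX") || return 1
    for f in "$keys_dir"/*.pub; do
        [ -f "$f" ] || continue                  # glob matched nothing
        printf '# from %s\n' "$(basename "$f")" >> "$tmp"
        while IFS= read -r line || [ -n "$line" ]; do
            case $line in
                ''|'#'*) continue ;;             # blank line or comment
                ssh-rsa\ AAAA*|ssh-dss\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-nistp*\ AAAA*) ;;
                *)  # options such as command="..." or junk: refuse the whole build
                    echo "rejected line in $f" >&2
                    rm -f "$tmp"
                    return 1 ;;
            esac
            printf '%s\n' "$line" >> "$tmp"
        done < "$f"
    done
    chmod 600 "$tmp" && mv -f "$tmp" "$out_file"
}

# Demo on constructed (fake) keys in a scratch directory.
demo=$(mktemp -d)
mkdir "$demo/keys"
echo 'ssh-rsa AAAAconstructedkey1 user1@example' > "$demo/keys/user1.pub"
echo 'ssh-rsa AAAAconstructedkey2 user2@example' > "$demo/keys/user2.pub"
build_authorized_keys "$demo/keys" "$demo/authorized_keys2"
rm "$demo/keys/user2.pub"                        # revoke user2: delete the file...
build_authorized_keys "$demo/keys" "$demo/authorized_keys2"   # ...and rebuild
cat "$demo/authorized_keys2"
rm -rf "$demo"
```

The per-file `# from` comment lines keep the generated file auditable, and a rejected line aborts the build before the live file is replaced.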

