Re: Multiple authorized_keys2 files or how to achieve same effect.
From: Guillaume Vissian (somebodyishere_at_gmail.com)
Date: 09/01/05
- Previous message: Jeremy Eder: "Multiple authorized_keys2 files or how to achieve same effect."
- In reply to: Jeremy Eder: "Multiple authorized_keys2 files or how to achieve same effect."
- Next in thread: Derek Martin: "Re: Multiple authorized_keys2 files or how to achieve same effect."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 01 Sep 2005 17:42:42 +0200 To: Jeremy Eder <jeder@invision.net>
Hello,
For sure i am far away from the kind of answer you hope; but why not use
differents users and let each user use sudo ? it will be easier for you
isn't it ? and to remove a user access you just have to do "userdel"...
Good luck
Guillaume Vissian
Président de l'Association d'Audit de Sécurité
53, rue de Grenelle
75007 Paris
Jeremy Eder wrote:
>My situation: multiple admins needing root on hundreds of boxes.
>
>Currently: using pubkeyauth on openssh (mostly bsd but linux and
>solaris too)
>
>Goal: ease add/remove of credentials from machines (one-off or globally
>in our network)
>
>Each server may have a completely different (and still valid) list of
>users in the authkeys2 file.
>
>Instead of getting messy with sed/cat/grep...I began to research if it
>was possible to have multiple authorized_keys2 files, or at least be
>able to put directives to separate public key files in the global
>authorized_keys2. This would make the management of my setup much
>easier...
>
>Something like...
>
>AuthorizedKeysFile .ssh/authorized_keys2
>AuthorizedKeysFile .ssh/user1
>AuthorizedKeysFile /ssh/user2
>
>Etc etc...
>
>Then I can control access to the box simply by creating or deleting that
>file and one line in the conf.
>
>Am I looking in the right direction ? I haven't yet discovered a way to
>do this under openssh; however .ssh/authorization under ssh2 seems to
>provide the exact feature I am thinking of. Not an option...
>
>Is this possible ? Is there some other practice that is more accepted
>that I'm not aware of ?
>
>Thanks for your help.
>
>
>
- Previous message: Jeremy Eder: "Multiple authorized_keys2 files or how to achieve same effect."
- In reply to: Jeremy Eder: "Multiple authorized_keys2 files or how to achieve same effect."
- Next in thread: Derek Martin: "Re: Multiple authorized_keys2 files or how to achieve same effect."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
