Re: Multiple authorized_keys2 files or how to achieve same effect.
From: Guillaume Vissian (somebodyishere_at_gmail.com)
Date: Thu, 01 Sep 2005 17:42:42 +0200
To: Jeremy Eder <email@example.com>

For sure I am far away from the kind of answer you hope for; but why not use
different users and let each user use sudo? It will be easier for you,
won't it? And to remove a user's access you just have to do "userdel"...

President of the Association d'Audit de Sécurité
53, rue de Grenelle
Jeremy Eder wrote:
>My situation: multiple admins needing root on hundreds of boxes.
>Currently: using pubkeyauth on openssh (mostly bsd but linux and
>Goal: ease add/remove of credentials from machines (one-off or globally
>in our network)
>Each server may have a completely different (and still valid) list of
>users in the authkeys2 file.
>Instead of getting messy with sed/cat/grep...I began to research if it
>was possible to have multiple authorized_keys2 files, or at least be
>able to put directives to separate public key files in the global
>authorized_keys2. This would make the management of my setup much
>Then I can control access to the box simply by creating or deleting that
>file and one line in the conf.
>Am I looking in the right direction? I haven't yet discovered a way to
>do this under openssh; however .ssh/authorization under ssh2 seems to
>provide the exact feature I am thinking of. Not an option...
>Is this possible? Is there some other practice that is more accepted
>that I'm not aware of?
>Thanks for your help.
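
One way to get the effect described in the quoted question, as an added example that is not part of the original thread: keep one public-key file per admin in a directory and regenerate the single authorized_keys file from it. The directory layout (`<keys_dir>/<admin>.pub`) and the function name `build_authorized_keys` are assumptions made for this sketch, and it accepts only plain key lines without an options prefix.

```shell
#!/bin/sh
# Added example: rebuild one authorized_keys file from per-admin key files.
# Assumed (hypothetical) layout: <keys_dir>/<admin>.pub, one or more keys each.
# Deleting <admin>.pub and re-running revokes that admin on this host.

build_authorized_keys() {
    keys_dir=$1
    target=$2
    # Work on a temp file next to the target so the final rename is atomic
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    chmod 600 "$tmp"

    for f in "$keys_dir"/*.pub; do
        [ -f "$f" ] || continue            # no match: the glob stays literal
        admin=$(basename "$f" .pub)
        printf '# --- %s ---\n' "$admin" >> "$tmp"
        # Copy only lines that start with a known key type; drop the rest
        while IFS= read -r line || [ -n "$line" ]; do
            case $line in
                ''|'#'*) continue ;;
                ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *)
                    printf '%s\n' "$line" >> "$tmp" ;;
                *)
                    echo "skipping unrecognised line in $f" >&2 ;;
            esac
        done < "$f"
    done

    # Refuse to install a file with no keys: that would lock every admin out
    if ! grep -q -v '^#' "$tmp"; then
        rm -f "$tmp"
        echo "no valid keys in $keys_dir, $target left unchanged" >&2
        return 1
    fi
    mv -f "$tmp" "$target"
}
```

Run it as `build_authorized_keys /path/to/keys.d /path/to/authorized_keys` after adding or deleting a `.pub` file; the target is replaced only when at least one valid key remains.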