Re: Multiple authorized_keys2 files or how to achieve same effect.

From: Guillaume Vissian (somebodyishere_at_gmail.com)
Date: 09/01/05

  • Next message: Derek Martin: "Re: Multiple authorized_keys2 files or how to achieve same effect."
    Date: Thu, 01 Sep 2005 17:42:42 +0200
    To: Jeremy Eder <jeder@invision.net>
    
    

    Hello,

    For sure I am far away from the kind of answer you hope for, but why not use
    different users and let each user use sudo? It will be easier for you,
    won't it? And to remove a user's access you just have to do "userdel"...

    Good luck

    Guillaume Vissian
    Président de l'Association d'Audit de Sécurité
    53, rue de Grenelle
    75007 Paris

    Jeremy Eder wrote:

    >My situation: multiple admins needing root on hundreds of boxes.
    >
    >Currently: using pubkeyauth on openssh (mostly bsd but linux and
    >solaris too)
    >
    >Goal: ease add/remove of credentials from machines (one-off or globally
    >in our network)
    >
    >Each server may have a completely different (and still valid) list of
    >users in the authkeys2 file.
    >
    >Instead of getting messy with sed/cat/grep...I began to research if it
    >was possible to have multiple authorized_keys2 files, or at least be
    >able to put directives to separate public key files in the global
    >authorized_keys2. This would make the management of my setup much
    >easier...
    >
    >Something like...
    >
    >AuthorizedKeysFile .ssh/authorized_keys2
    >AuthorizedKeysFile .ssh/user1
    >AuthorizedKeysFile /ssh/user2
    >
    >Etc etc...
    >
    >Then I can control access to the box simply by creating or deleting that
    >file and one line in the conf.
    >
    >Am I looking in the right direction ? I haven't yet discovered a way to
    >do this under openssh; however .ssh/authorization under ssh2 seems to
    >provide the exact feature I am thinking of. Not an option...
    >
    >Is this possible ? Is there some other practice that is more accepted
    >that I'm not aware of ?
    >
    >Thanks for your help.
    >
    >
    >
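
One way to get the "create or delete a file to grant or revoke access" workflow asked about in the quoted message, as an added example that is not from this thread or from OpenSSH itself: a script that regenerates a single authorized keys file from one file per admin. The directory layout (`<admin>.pub`) and the function name `build_authorized_keys` are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: rebuild authorized_keys from one file per admin.
# Assumed layout (hypothetical): $keydir/<admin>.pub, one public key per line.

build_authorized_keys() {
    keydir=$1
    target=$2
    # Temp file beside the target so the final mv is an atomic rename.
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    chmod 600 "$tmp"

    for f in "$keydir"/*.pub; do
        [ -f "$f" ] || continue              # glob matched nothing
        admin=$(basename "$f" .pub)
        # Accept only "<keytype> <base64> [comment]" lines; lines carrying
        # options (from=, command=) are rejected in this simplified check.
        awk -v who="$admin" '
            /^[ \t]*(#|$)/ { next }
            $1 ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/ &&
            $2 ~ "^[A-Za-z0-9+/]+=*$" { print $1, $2, who; next }
            { printf "skipped %s line %d\n", FILENAME, NR > "/dev/stderr" }
        ' "$f" >> "$tmp"
    done

    # Refuse to install an empty file: that would lock every admin out.
    if ! [ -s "$tmp" ]; then
        rm -f "$tmp"
        echo "no valid keys under $keydir, $target left unchanged" >&2
        return 1
    fi
    mv "$tmp" "$target"
}
```

Each emitted line has its comment field replaced by the admin's file name, so an entry in the generated file can be traced back to the file that granted it.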

