Date:      Sat, 20 Jan 2007 10:50:19 +0000
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        VeeJay <maanjee@gmail.com>
Cc:        FreeBSD-Questions <freebsd-questions@freebsd.org>
Subject:   Re: SSH2 question?
Message-ID:  <45B1F3EB.2050602@infracaninophile.co.uk>
In-Reply-To: <2cd0a0da0701192320l5b64fee3l50f88977306d3b57@mail.gmail.com>
References:  <2cd0a0da0701192320l5b64fee3l50f88977306d3b57@mail.gmail.com>


VeeJay wrote:
> Hello
>
> I have two questions, please comment...
>
> 1. Can one user have more than one public_keys i.e. multiple public_keys?

Yes.

> If yes to above, would all be stored at users path like /home/username/.ssh

That would be the usual way of doing things, but there is no restriction
on where you can put keys, other than the requirement that the location
is sufficiently well secured that keys cannot be modified by anyone other
than the owner or root.

Note that ssh will by default look for private keys in ${HOME}/.ssh/id_dsa
and ${HOME}/.ssh/id_rsa -- if you keep private keys in other files,
you'll need to tell ssh that by using the '-I' flag on the command line.

*public* keys are different.  Public keys and the authorized_keys
file must be stored relative to the home directory of the account they
are being used to access.  Well, you generally keep a copy of the public
key with the corresponding private key for reference -- unless it is
in the authorized_keys file it doesn't have any effect.  The restrictions
on who can modify the authorized_keys file are strict.

> If yes, to above, would all public keys be written at the same line
> for option in ssh_config file "AuthorizedKeysFile"?

You can certainly add as many public keys as you want to an authorized
keys file.  Basically that says that the owner of the public key
corresponding to one of those public keys is permitted to log into that
account.

> AuthorizedKeysFile      .ssh/user_authorized_keys

Note that this location is relative to the home directory of the account
that is being logged into.  The assumption is that each userid has a
separate home directory.  If you made a number of accounts and had them
all share the same home directory, then the authorized keys file would
permit login to any of the accounts using that home directory (assuming
you could satisfy sshd's requirements about filesystem permissions)

> 2. What about other users who also have SSH account, How to identify in
> ssh_config file that which public_key belongs to which user?

You wouldn't use the ssh_config file for that.  There's a comment field
at the end of a SSH public key which you can set to whatever value you
want.  ssh-keygen defaults to username@hostname, but you can just edit
the file and change it to whatever you want, so long as it is all on one
line.

	Cheers,

	Matthew


-- 
Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW
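
An added example, not part of the original message: a small audit script that lists every entry in an authorized_keys file with its options, key type, SHA256 fingerprint and trailing comment, which is how one account's multiple keys are told apart. The function names (parse_entry, audit, constructed_blob) are hypothetical and the sample keys are constructed placeholders, not real keys.

```python
import base64, hashlib, re

# Quote-aware field splitter: an option such as command="a b" may contain spaces.
FIELD = re.compile(r'(?:[^\s"]|"(?:\\.|[^"])*")+')
KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")

def parse_entry(line):
    """Return (options, keytype, fingerprint, comment) for one line, or None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = FIELD.findall(line)
    # The key type is field 0, or field 1 when an options field precedes it;
    # everything after the base64 blob is the free-form comment.
    idx = next((i for i, f in enumerate(fields[:2]) if f.startswith(KEY_PREFIXES)), None)
    if idx is None or idx + 1 >= len(fields):
        raise ValueError("not an authorized_keys entry: %r" % line)
    keytype, blob = fields[idx], base64.b64decode(fields[idx + 1], validate=True)
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line was damaged when it was edited by hand.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n].decode("ascii", "replace") != keytype:
        raise ValueError("key type does not match key data: %r" % line)
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return (" ".join(fields[:idx]), keytype, "SHA256:" + digest, " ".join(fields[idx + 2:]))

def audit(text):
    """Parse a whole authorized_keys file, skipping blank and comment lines."""
    return [e for e in map(parse_entry, text.splitlines()) if e]

def constructed_blob(keytype, seed):
    """Build a syntactically valid key blob for the sample (constructed, not a real key)."""
    def s(b):
        return len(b).to_bytes(4, "big") + b
    return base64.b64encode(s(keytype.encode()) + s(hashlib.sha256(seed).digest())).decode()

# Constructed sample: two keys for the same account, told apart by their comments.
SAMPLE = "\n".join([
    "# constructed authorized_keys for one account",
    "ssh-ed25519 %s alice@laptop" % constructed_blob("ssh-ed25519", b"k1"),
    'from="192.0.2.*",command="/usr/bin/true backup" ssh-ed25519 %s alice backup key'
    % constructed_blob("ssh-ed25519", b"k2"),
    "",
])

if __name__ == "__main__":
    for options, keytype, fp, comment in audit(SAMPLE):
        print(fp, keytype, comment or "(no comment)", options and "[%s]" % options)
```

Because the comment is free text that anyone editing the file can change, the fingerprint is the value to compare against a key inventory.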




