Date:      Sat, 20 Jan 2007 17:53:16 +0100
From:      VeeJay <maanjee@gmail.com>
To:        "Matthew Seaman" <m.seaman@infracaninophile.co.uk>,  derek@computinginnovations.com,  FreeBSD-Questions <freebsd-questions@freebsd.org>
Subject:   Re: SSH2 question?
Message-ID:  <2cd0a0da0701200853w10e87152oe0e23bbf8dc22f14@mail.gmail.com>
In-Reply-To: <45B1F3EB.2050602@infracaninophile.co.uk>
References:  <2cd0a0da0701192320l5b64fee3l50f88977306d3b57@mail.gmail.com> <45B1F3EB.2050602@infracaninophile.co.uk>

Right...

But I am not running any FTP server..... user is getting login by
SSH/SFTP.....

Would I have to change the user's login configuration or what?

Thanks

/VJ


On 1/20/07, Matthew Seaman <m.seaman@infracaninophile.co.uk> wrote:
>
> VeeJay wrote:
> > Hello
> >
> > I have two questions, please comment...
> >
> > 1. Can one user have more than one public_keys i.e. multiple public_keys?
>
> Yes.
>
> > If yes to above, would all be stored at users path like /home/username/.ssh
>
> That would be the usual way of doing things, but there is no restriction
> on where you can put keys, other than the requirement that the location
> is sufficiently well secured that keys cannot be modified by anyone other
> than the owner or root.
>
> Note that ssh will by default look for private keys in ${HOME}/.ssh/id_dsa
> and ${HOME}/.ssh/id_rsa -- if you keep private keys in other files,
> you'll need to tell ssh that by using the '-I' flag on the command line
>
> *public* keys are different.  Public keys and the authorized_keys
> file must be stored relative to the home directory of the account they
> are being used to access.  Well, you generally keep a copy of the public
> key with the corresponding private key for reference -- unless it is
> in the authorized_keys file it doesn't have any effect.  The restrictions
> on who can modify the authorized_keys file are strict.
>
> > If yes, to above, would all public keys be written at the same line
> > for option in ssh_config file "AuthorizedKeysFile"?
>
> You can certainly add as many public keys as you want to an authorized
> keys file.  Basically that says that the owner of the public key
> corresponding to one of those public keys is permitted to log into that
> account.
>
> > AuthorizedKeysFile      .ssh/user_authorized_keys
>
> Note that this location is relative to the home directory of the account
> that is being logged into.  The assumption is that each userid has a
> separate home directory.  If you made a number of accounts and had them
> all share the same home directory, then the authorized keys file would
> permit login to any of the accounts using that home directory (assuming
> you could satisfy sshd's requirements about filesystem permissions)
>
> > 2. What about other users who also have SSH account, How to identify in
> > ssh_config file that which public_key belongs to which user?
>
> You wouldn't use the ssh_config file for that.  There's a comment field
> at the end of a SSH public key which you can set to whatever value you
> want.  ssh-keygen defaults to username@hostname, but you can just edit
> the file and change it to whatever you want, so long as it is all on one
> line.
>
>        Cheers,
>
>        Matthew
>
>
> --
> Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
>                                                      Flat 3
> PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
>                                                      Kent, CT11 9PW
>
>
>
>


-- 
Thanks!

BR / vj
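
As an added illustration (not part of the original messages): a Python sketch that lists every key in an authorized_keys file with its fingerprint and comment field, and applies the owner-or-root write rule mentioned in the quoted reply. The function names and the sample keys are constructed for this example.

```python
import base64, hashlib, re, stat

# options (optional), key type, base64 blob, then the free-text comment field
KEY_RE = re.compile(r'(?:^|\s)((?:ssh|ecdsa|sk)-[\w@.-]+)\s+([A-Za-z0-9+/]+=*)(?:\s+(.*))?$')

def parse_line(line):
    """Return (keytype, fingerprint, comment, options), or None if not a usable key line."""
    line = line.strip()
    if not line or line.startswith('#'):
        return None
    m = KEY_RE.search(line)
    if not m:
        return None
    keytype, b64, comment = m.group(1), m.group(2), m.group(3) or ''
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:
        return None
    # The blob begins with a length-prefixed copy of the key type; reject mismatches.
    n = int.from_bytes(blob[:4], 'big')
    if blob[4:4 + n] != keytype.encode():
        return None
    digest = hashlib.sha256(blob).digest()
    fingerprint = 'SHA256:' + base64.b64encode(digest).decode().rstrip('=')
    return keytype, fingerprint, comment, line[:m.start(1)].strip()

def audit(text):
    """Parse a whole authorized_keys file; one entry per valid key line."""
    return [entry for entry in map(parse_line, text.splitlines()) if entry]

def mode_ok(st_mode, st_uid, account_uid):
    """True if only the account owner or root can modify the file (assumed rule)."""
    return st_uid in (0, account_uid) and not st_mode & (stat.S_IWGRP | stat.S_IWOTH)

def sample_blob(fill):
    """Constructed ed25519-shaped blob for the sample below; not a real key."""
    name = b'ssh-ed25519'
    raw = len(name).to_bytes(4, 'big') + name + (32).to_bytes(4, 'big') + bytes([fill]) * 32
    return base64.b64encode(raw).decode()

SAMPLE = f'''# constructed authorized_keys content
ssh-ed25519 {sample_blob(1)} vj@laptop
command="echo hi",no-pty ssh-ed25519 {sample_blob(2)} vj@backup-box
ssh-ed25519 not-base64!! broken
'''

if __name__ == '__main__':
    for keytype, fp, comment, options in audit(SAMPLE):
        print(fp, comment or '(no comment)', options or '-')
```

To check a real file, pass the `st_mode` and `st_uid` fields from `os.stat()` on it, together with the account's uid, to `mode_ok`.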


