[scponly] Centralizing user public keys issue

Christopher Barry christopher.barry at qlogic.com
Sat Mar 28 15:28:49 EDT 2009


Greetings everyone,

I realize this may be an sshd question, but figured there was likely a wealth of knowledge here about this topic. I've spent hours googling, and the answer seems straightforward in theory, but I cannot get it to work in practice, and I do not understand why.

man 5 sshd_config says to simply modify AuthorizedKeysFile to change from the default of ~/.ssh/authorized_keys.

So I create /etc/ssh/site-keys/<user>/authorized_keys

and set

AuthorizedKeysFile /etc/ssh/site-keys/%u/authorized_keys

Nada. I muck with the dir and file perms until I'm blue. Nada.

I get this with DEBUG3 level in sshd_config:

Mar 28 14:24:39 <removed> sshd[17840]: debug3: monitor_read: checking request 21
Mar 28 14:24:39 <removed> sshd[17840]: debug3: mm_answer_keyallowed entering
Mar 28 14:24:39 <removed> sshd[17840]: debug3: mm_answer_keyallowed: key_from_blob: 0xb7f69960
Mar 28 14:24:39 <removed> sshd[17840]: debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
Mar 28 14:24:39 <removed> sshd[17840]: debug1: temporarily_use_uid: 0/0 (e=0/0)
Mar 28 14:24:39 <removed> sshd[17840]: debug1: trying public key file /etc/ssh/site-keys/root/authorized_keys
Mar 28 14:24:39 <removed> sshd[17840]: debug1: restore_uid: 0/0
Mar 28 14:24:39 <removed> sshd[17840]: debug1: temporarily_use_uid: 0/0 (e=0/0)
Mar 28 14:24:39 <removed> sshd[17840]: debug1: trying public key file /etc/ssh/site-keys/root/authorized_keys
Mar 28 14:24:39 <removed> sshd[17840]: debug1: restore_uid: 0/0
Mar 28 14:24:39 <removed> sshd[17840]: Failed publickey for root from 10.32.8.200 port 35925 ssh2
Mar 28 14:24:39 <removed> sshd[17840]: debug3: mm_answer_keyallowed: key 0xb7f69960 is disallowed
Mar 28 14:24:39 <removed> sshd[17840]: debug3: mm_request_send entering: type 22
Mar 28 14:24:39 <removed> sshd[17840]: debug3: mm_request_receive entering
Mar 28 14:24:46 <removed> sshd[17840]: debug1: do_cleanup
Mar 28 14:24:46 <removed> sshd[17840]: debug1: PAM: cleanup
Mar 28 14:24:46 <removed> sshd[17840]: debug3: PAM: sshpam_thread_cleanup entering

When I comment out AuthorizedKeysFile so it uses defaults, it works fine.

Running Ubuntu 8.04, latest updates.

Has anyone made this work? What stupid thing am I doing wrong? Or, have I bumped into a bug?


Thanks for any help you can offer.

Regards,
Christopher
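
Added example, not part of the original post: sshd's StrictModes option (on by default) refuses a key file when the file or a directory above it is owned by someone other than root or the target user, or is group- or world-writable. The Python sketch below walks a central key path such as /etc/ssh/site-keys/<user>/authorized_keys and reports those conditions; `audit_key_path` and its `stop_at` parameter are hypothetical names, and the function approximates sshd's check rather than reproducing it.

```python
import os
import stat
import sys
import tempfile


def audit_key_path(key_file, uid, stop_at="/"):
    """Approximate sshd's StrictModes path check for an authorized_keys file.

    Returns (path, reason) pairs for the file and each directory above it,
    up to stop_at (hypothetical parameter; "/" suits a key store under /etc).
    """
    problems = []
    path = os.path.realpath(key_file)
    stop_at = os.path.realpath(stop_at)
    is_key_file = True
    while True:
        try:
            st = os.stat(path)
        except OSError as exc:
            problems.append((path, "cannot stat: " + exc.strerror))
        else:
            if is_key_file and not stat.S_ISREG(st.st_mode):
                problems.append((path, "not a regular file"))
            if st.st_uid not in (0, uid):  # must belong to root or the user
                problems.append((path, "owned by uid %d" % st.st_uid))
            if st.st_mode & 0o022:  # group or other write bit set
                problems.append((path, "group/world writable: " + stat.filemode(st.st_mode)))
        parent = os.path.dirname(path)
        if path == stop_at or parent == path:
            return problems
        path, is_key_file = parent, False


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script KEY_FILE NUMERIC_UID
        target, uid, stop = sys.argv[1], int(sys.argv[2]), "/"
    else:  # constructed demo tree with one deliberately loose directory
        stop = tempfile.mkdtemp()
        os.makedirs(os.path.join(stop, "site-keys", "alice"), mode=0o755)
        os.chmod(os.path.join(stop, "site-keys"), 0o775)
        target = os.path.join(stop, "site-keys", "alice", "authorized_keys")
        open(target, "w").close()
        os.chmod(target, 0o644)
        uid = os.getuid()
    for path, reason in audit_key_path(target, uid, stop):
        print("%s: %s" % (path, reason))
```

An empty result means only that ownership and modes along the path pass this check; a key that does not match any line in the file fails authentication regardless.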