[scponly] Centralizing user public keys issue

Christopher Barry christopher.barry at qlogic.com
Sat Mar 28 16:04:16 EDT 2009 

> -----Original Message-----
> From: scponly-bounces at lists.ccs.neu.edu [mailto:scponly-
> bounces at lists.ccs.neu.edu] On Behalf Of Christopher Barry
> Sent: Saturday, March 28, 2009 3:29 PM
> To: scponly at lists.ccs.neu.edu
> Subject: [scponly] Centralizing user public keys issue
> 
> Greetings everyone,
> 
> I realize this may be an sshd question, but figured there was likely a
> wealth of knowledge here about this topic. I've spent hours googling,
> and the answer seems straightforward in theory, but I cannot get it to
> work in practice, and I do not understand why.
> 
> man 5 sshd_config says to simply modify AuthorizedKeysFile to change
> from default of ~/.ssh/authorized_keys
> 
> so I create /etc/ssh/site-keys/<user>/authorized_keys
> 
> and set
> 
> AuthorizedKeysFile /etc/ssh/site-keys/%u/authorized_keys
> 
> nada. I muck with the dir and file perms until I'm blue. nada.
> 
> I get this with DEBUG3 level in sshd_config:
> 
> Mar 28 14:24:39 <removed> sshd[17840]: debug3: monitor_read: checking
> request 21
> Mar 28 14:24:39 <removed> sshd[17840]: debug3: mm_answer_keyallowed
> entering
> Mar 28 14:24:39 <removed> sshd[17840]: debug3: mm_answer_keyallowed:
> key_from_blob: 0xb7f69960
> Mar 28 14:24:39 <removed> sshd[17840]: debug1: Checking blacklist file
> /etc/ssh/blacklist.DSA-1024
> Mar 28 14:24:39 <removed> sshd[17840]: debug1: temporarily_use_uid: 0/0
> (e=0/0)
> Mar 28 14:24:39 <removed> sshd[17840]: debug1: trying public key file
> /etc/ssh/site-keys/root/authorized_keys
> Mar 28 14:24:39 <removed> sshd[17840]: debug1: restore_uid: 0/0
> Mar 28 14:24:39 <removed> sshd[17840]: debug1: temporarily_use_uid: 0/0
> (e=0/0)
> Mar 28 14:24:39 <removed> sshd[17840]: debug1: trying public key file
> /etc/ssh/site-keys/root/authorized_keys
> Mar 28 14:24:39 <removed> sshd[17840]: debug1: restore_uid: 0/0
> Mar 28 14:24:39 <removed> sshd[17840]: Failed publickey for root from
> 10.32.8.200 port 35925 ssh2
> Mar 28 14:24:39 <removed> sshd[17840]: debug3: mm_answer_keyallowed:
> key 0xb7f69960 is disallowed
> Mar 28 14:24:39 <removed> sshd[17840]: debug3: mm_request_send
> entering: type 22
> Mar 28 14:24:39 <removed> sshd[17840]: debug3: mm_request_receive
> entering
> Mar 28 14:24:46 <removed> sshd[17840]: debug1: do_cleanup
> Mar 28 14:24:46 <removed> sshd[17840]: debug1: PAM: cleanup
> Mar 28 14:24:46 <removed> sshd[17840]: debug3: PAM:
> sshpam_thread_cleanup entering
> 
> When I comment out AuthorizedKeysFile so it uses defaults, it works
> fine.
> 
> Running Ubuntu 8.04, latest updates.
> 
> Has anyone made this work? What stupid thing am I doing wrong? Or, have
> I bumped into a bug?
> 
> 
> Thanks for any help you can offer.
> 
> Regards,
> Christopher
> 

DOH! I'm a bonehead. My dir was actually site_keys, and the config was site-keys....
Damn that was annoying!
Sorry for the noise.

Thanks.
-C

More information about the scponly mailing list