[scponly] ssh and scponly related query.

Benjamin Donnachie benjamin at pythagoras.no-ip.org
Thu Sep 15 14:48:26 EDT 2005


"J.D. Baldwin" <baldwin at panix.com> wrote: 
>Create two UNIX users, let's say ben1 and ben2.  Both will be defined
>with the same home directory and UID, and the same group membership.
>In ~ben1/.ssh/authorized_keys are your public keys for authentication.
>There is no ~/ben2/.ssh/authorized_keys file.

My understanding is that OpenSSH looks in the ~/.ssh directory for its 
config files - so if both users have the same home directory, they'll both 
have the same .ssh/authorized_keys file... :-/

>Now you can do uploads/downloads with the ben2 account and its
>password, but you can shell in to ben1 with your key.

Though this might not matter as ben2 could remain chroot'ed with scp as its 
shell and ben1 be "un-chrooted" with bash...  Do you know whether public 
key authentication will work even if a user's password is disabled?  
(Unfortunately, I'm off site at the moment so can't check)  As, if so, this 
would be an ideal solution! :-)

Take care,


--
Benjamin
benjamin at pythagoras.no-ip.org
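
An audit sketch for the concern raised in the reply above, added here as an example and not part of the original thread: it groups accounts by home directory to show which logins would resolve to the same authorized_keys file. It assumes sshd uses the default per-user key path (.ssh/authorized_keys under the home directory); the passwd lines, including the scponlyc path, are constructed sample data.

```python
from collections import defaultdict

# Constructed sample in /etc/passwd format (name:pw:uid:gid:gecos:home:shell).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
ben1:x:1001:1001:Ben shell login:/home/ben:/bin/bash
ben2:x:1001:1001:Ben transfers:/home/ben:/usr/local/sbin/scponlyc
alice:x:1002:1002:Alice:/home/alice:/bin/bash
"""

def parse_passwd(text):
    """Return a list of account dicts from passwd-format text."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # skip malformed lines rather than guessing
        name, _pw, uid, _gid, _gecos, home, shell = fields
        entries.append({"name": name, "uid": int(uid), "home": home, "shell": shell})
    return entries

def shared_key_groups(entries, keys_rel=".ssh/authorized_keys"):
    """Report home directories used by more than one account.

    Assumption: the key file is looked up relative to the home directory,
    so every account in a group is checked against the same key file.
    """
    by_home = defaultdict(list)
    for e in entries:
        by_home[e["home"]].append(e)
    findings = []
    for home, group in sorted(by_home.items()):
        if len(group) < 2:
            continue
        findings.append({
            "keys_file": home.rstrip("/") + "/" + keys_rel,
            "accounts": sorted(e["name"] for e in group),
            "shells": sorted({e["shell"] for e in group}),
            "same_uid": len({e["uid"] for e in group}) == 1,
        })
    return findings

if __name__ == "__main__":
    for finding in shared_key_groups(parse_passwd(SAMPLE_PASSWD)):
        print(finding)
```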




