[scponly] ssh key auth. using the same chroot env., possible?

Paul Hyder paul.hyder at noaa.gov
Thu Nov 30 00:21:17 EST 2006


Relocating ssh keys is easy.
  -update the sshd_config AuthorizedKeysFile variable to match the new,
   root owned location (no longer in ~/.ssh/authorized_keys)
   We use /home/admin/.ssh/%u/authorized_keys2 and a single jail.
  -understand that the ssh key handling occurs BEFORE scponly, the keys
   should be located above the chroot point if you don't want the users
   to maintain them.  (otherwise the sshd can look in the user's chroot
   incoming .ssh directory)

Paul Hyder
NOAA Earth System Research Laboratory, Global Systems Division
Boulder, CO

bridavis at comcast.net wrote:
> First, is there any way to search the mailing list archives?
> 
> I'm afraid the answer to this question is no, but I wanted to check first.
> 
> I have multiple users which I want to use key based ssh authentication. However, I don't want to build multiple chroot environments, since it would be just copying all the same files over and over for each user (i.e. n users = n chroot environments). I would have a single chroot base with different "incoming" directories which would only be writable to the respective user, and I'd use the scponly // magic to have each user placed into the right writable directory.
> 
> The problem is that sshd looks for .ssh/authorized_keys in the user's home directory (which I'm assuming is the /chroot base and not the writable "incoming" directory). In this case, only one .ssh/authorized_keys file can exist in the chroot env.
> 
> Is this correct? Is there a way around this?
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> scponly mailing list
> scponly at lists.ccs.neu.edu
> https://lists.ccs.neu.edu/bin/listinfo/scponly
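
The key layout described in the reply, as an added example that is not part of the original thread: a shell helper that expands the `%u` pattern for a login name and checks that the resulting key file and its directory can only be changed by the account meant to maintain them. The function names are hypothetical, and checking only the file and its immediate directory, and rejecting symlinks, are choices made for this example; the `AuthorizedKeysFile` path in the comment is the one given in the reply.

```shell
#!/bin/sh
# Added example, not from the original thread.
# sshd_config line using the path given in the reply:
#   AuthorizedKeysFile /home/admin/.ssh/%u/authorized_keys2
# sshd expands %u to the login name being authenticated.

# Print the key file path for USER; only the %u token is handled here.
expand_keys_path() {
    case "$2" in
        ''|.|..|*[!A-Za-z0-9._-]*) return 1 ;;   # refuse names that could alter the path
    esac
    printf '%s\n' "$1" | sed "s|%u|$2|g"
}

# Succeed only if PATH is owned by OWNER and not group- or world-writable.
owned_and_locked() {
    [ -n "$(find "$1" -prune -user "$2" ! -perm -020 ! -perm -002 -print 2>/dev/null)" ]
}

# audit_keys_file PATTERN USER OWNER
# OWNER is the account meant to maintain the keys (root in the reply's setup).
audit_keys_file() {
    f=$(expand_keys_path "$1" "$2") || { echo "bad user name: $2"; return 1; }
    [ -f "$f" ] && [ ! -L "$f" ] || { echo "missing or not a regular file: $f"; return 1; }
    owned_and_locked "$f" "$3" || { echo "wrong owner or group/world-writable file: $f"; return 1; }
    d=$(dirname "$f")
    owned_and_locked "$d" "$3" || { echo "wrong owner or group/world-writable dir: $d"; return 1; }
    echo "ok: $f"
}
```

For the setup in the reply, a call would look like `audit_keys_file '/home/admin/.ssh/%u/authorized_keys2' someuser root`, run for each scponly account.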


