[scponly] ssh key auth. using the same chroot env., possible?

Brian Davis bridavis at comcast.net
Thu Nov 30 17:58:00 EST 2006


Thanks Paul!

Paul Hyder wrote:
> Relocating ssh keys is easy.
>   -update the sshd_config AuthorizedKeysFile variable to match the new,
>    root owned location (no longer in ~/.ssh/authorized_keys)
>    We use /home/admin/.ssh/%u/authorized_keys2 and a single jail.
>   -understand that the ssh key handling occurs BEFORE scponly, the keys
>    should be located above the chroot point if you don't want the users
>    to maintain them.  (otherwise the sshd can look in the user's chroot
>    incoming .ssh directory)
>
> Paul Hyder
> NOAA Earth System Research Laboratory, Global Systems Division
> Boulder, CO
>
> bridavis at comcast.net wrote:
>   
>> First, is there anyway to search the mailing list archives?
>>
>> I'm afraid the answer to this question is no, but I wanted to check first.
>>
>> I have multiple users which I want to use key based ssh authentication. However, I don't want to build multiple chroot environments, since it would be just copying all the same files over and over for each user (i.e. n users = n chroot environments). I would have a single chroot base with different "incoming" directories which would only be writable to the respective user, and I'd use the scponly // magic to have each user placed into the right writable directory.
>>
>> The problem is that sshd looks for .ssh/authorized_keys in the user's home directory (which I'm assuming is the /chroot base and not the writable "incoming" directory). In this case, only one .ssh/authoized_keys file can exist in the chroot env.
>>
>> Is this correct? Is there a way around this?
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> scponly mailing list
>> scponly at lists.ccs.neu.edu
>> https://lists.ccs.neu.edu/bin/listinfo/scponly
>>     
>
>   



More information about the scponly mailing list