[scponly] ssh key auth. using the same chroot env., possible?
Whit Blauvelt
whit at transpect.com
Mon Jun 25 21:15:52 EDT 2007
Hi,
If I don't care about users maintaining their authorized_keys file (that's
to say, it can be in their space), where does it go to make it work? We're
chrooting users, so with the home dir defined in passwd like:
/some/path/to/user//files
Then so far neither /some/path/to/user/.ssh/authorized_keys nor
/some/path/to/usr/files/.ssh/authorized_keys works so far - not if owned by
the user, not if owned by root. This is on a system where ssh works fine for
normal users. It's just the scponly setup that's flummoxing me. For normal
accounts, I'd like to keep the default sshd config.
Thanks,
Whit
On Wed, Nov 29, 2006 at 10:21:17PM -0700, Paul Hyder wrote:
> Relocating ssh keys is easy.
> -update the sshd_config AuthorizedKeysFile variable to match the new,
> root owned location (no longer in ~/.ssh/authorized_keys)
> We use /home/admin/.ssh/%u/authorized_keys2 and a single jail.
> -understand that the ssh key handling occurs BEFORE scponly, the keys
> should be located above the chroot point if you don't want the users
> to maintain them. (otherwise the sshd can look in the user's chroot
> incoming .ssh directory)
>
> Paul Hyder
> NOAA Earth System Research Laboratory, Global Systems Division
> Boulder, CO
More information about the scponly
mailing list