SSH2 question?

VeeJay maanjee at gmail.com
Sat Jan 20 16:53:17 UTC 2007 

Right...

But I am not running any FTP server..... user is getting login by
SSH/SFTP.....

would i have to change the user's login configruation or what?

Thanks

/VJ


On 1/20/07, Matthew Seaman <m.seaman at infracaninophile.co.uk> wrote:
>
> VeeJay wrote:
> > Hello
> >
> > I have two questions, please comment...
> >
> > 1. Can one user have more than one public_keys i.e. multiple
> public_keys?
>
> Yes.
>
> > If yes to above, would all be stored at users path like
> /home/username/.ssh
>
> That would be the usual way of doing things, but there is no restriction
> on where you can put keys, other than the requirement that the location
> is sufficiently well secured that keys cannot be modified by anyone other
> than the owner or root.
>
> Note that ssh will by default look for private keys in ${HOME}/.ssh/id_dsa
> and ${HOME}/.ssh/id_rsa -- if you keep private keys in other files,
> you'll need to tell ssh that by using the '-I' flag on the command line
>
> *public* keys are different.  Public keys and the authorized_keys
> file must be stored relative to the home directory of the account they
> are being used to access.  Well, you generally keep a copy of the public
> key with the corresponding private key for reference -- unless it is
> in the authorized_keys file it doesn't have any effect.  The restrictions
> on who can modify the authorized_keys file are strict.
>
> > If yes, to above, would all public keys be written at the same line
> > for option in ssh_config file "AuthorizedKeysFile"?
>
> You can certainly add as many public keys as you want to an authorized
> keys file.  Basically that says that the owner of the public key
> corresponding to one of those public keys is permitted to log into that
> account.
>
> > AuthorizedKeysFile      .ssh/user_authorized_keys
>
> Note that this location is relative to the home directory of the account
> that is being logged into.  The assumption is that each userid has a
> separate home directory.  If you made a number of accounts and had them
> all share the same home directory, then the authorized keys file would
> permit login to any of the accounts using that home directory (assuming
> you could satisfy sshd's requirements about filesystem permissions)
>
> > 2. What about other users who also have SSH account, How to indentify in
> > ssh_config file that which public_key belongs to which user?
>
> You wouldn't use the ssh_config file for that.  There's a comment field
> at the end of a SSH public key which you can set to whatever value you
> want.  ssh-keygen defaults to username at hostname, but you can just edit
> the file and change it to whatever you want, so long as it is all on one
> line.
>
>        Cheers,
>
>        Matthew
>
>
> --
> Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
>                                                      Flat 3
> PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
>                                                      Kent, CT11 9PW
>
>
>
>


-- 
Thanks!

BR / vj

More information about the freebsd-questions mailing list