OT: My ssh authorized_keys doesn't work with nfs/nis

Aryeh Friedman aryeh.friedman at gmail.com
Sat Sep 14 11:36:39 UTC 2019 

On Sat, Sep 14, 2019 at 7:21 AM Polytropon <freebsd at edvax.de> wrote:

> On Sat, 14 Sep 2019 07:09:17 -0400, Aryeh Friedman wrote:
> > I am using the default out of the box /etc/sshd_config for 11 and 12 that
> > has only two uncommented out configs:
> >
> > AuthorizedKeysFile .ssh/authorized_keys
> > Subsystem sftp /usr/libexec/sftp-server
> >
> > So unless I am reading the first one completely wrong then it uses
> > ~user/.ssh/authorized_keys which is what the ls above is of.
>
> From "man 5 sshd_config":
>
>      AuthorizedKeysFile
>              Specifies the file that contains the public keys that can be
> used
>              for user authentication.  AuthorizedKeysFile may contain
> tokens
>              of the form %T which are substituted during connection setup.
>              The following tokens are defined: %% is replaced by a literal
>              '%', %h is replaced by the home directory of the user being
>              authenticated, and %u is replaced by the username of that
> user.
>              After expansion, AuthorizedKeysFile is taken to be an absolute
>              path or one relative to the user's home directory.  The
> default
>              is ``.ssh/authorized_keys''.
>
> Maybe you can try to use "%h/.ssh/authorized_keys" or, if it applies,
> "/usr/home/%u/.ssh/authorized_keys" to check if this is a path problem?
>

Neither idea works and I don't think we are using the same version of sshd
(your must be from ports or something mine is from base)... because the
same section of the man page reads nothing like what you posted:

    AuthorizedKeysFile
             Specifies the file that contains the public keys used for user
             authentication.  The format is described in the AUTHORIZED_KEYS
             FILE FORMAT section of sshd(8).  Arguments to
AuthorizedKeysFile
             accept the tokens described in the TOKENS section.  After
             expansion, AuthorizedKeysFile is taken to be an absolute path
or
             one relative to the user's home directory.  Multiple files may
be
             listed, separated by whitespace.  Alternately this option may
be
             set to none to skip checking for user keys in files.  The
default
             is ".ssh/authorized_keys .ssh/authorized_keys2".


>
>
>
> --
> Polytropon
> Magdeburg, Germany
> Happy FreeBSD user since 4.0
> Andra moi ennepe, Mousa, ...
>


-- 
Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org

More information about the freebsd-questions mailing list