OT: My ssh authorized_keys doesn't work with nfs/nis

Polytropon freebsd at edvax.de
Sat Sep 14 12:36:38 UTC 2019 

On Sat, 14 Sep 2019 07:36:26 -0400, Aryeh Friedman wrote:
> On Sat, Sep 14, 2019 at 7:21 AM Polytropon <freebsd at edvax.de> wrote:
> 
> > On Sat, 14 Sep 2019 07:09:17 -0400, Aryeh Friedman wrote:
> > > I am using the default out of the box /etc/sshd_config for 11 and 12 that
> > > has only two uncommented out configs:
> > >
> > > AuthorizedKeysFile .ssh/authorized_keys
> > > Subsystem sftp /usr/libexec/sftp-server
> > >
> > > So unless I am reading the first one completely wrong then it uses
> > > ~user/.ssh/authorized_keys which is what the ls above is of.
> >
> > From "man 5 sshd_config":
> >
> >      AuthorizedKeysFile
> >              Specifies the file that contains the public keys that can be
> > used
> >              for user authentication.  AuthorizedKeysFile may contain
> > tokens
> >              of the form %T which are substituted during connection setup.
> >              The following tokens are defined: %% is replaced by a literal
> >              '%', %h is replaced by the home directory of the user being
> >              authenticated, and %u is replaced by the username of that
> > user.
> >              After expansion, AuthorizedKeysFile is taken to be an absolute
> >              path or one relative to the user's home directory.  The
> > default
> >              is ``.ssh/authorized_keys''.
> >
> > Maybe you can try to use "%h/.ssh/authorized_keys" or, if it applies,
> > "/usr/home/%u/.ssh/authorized_keys" to check if this is a path problem?
> >
> 
> Neither idea works and I don't think we are using the same version of sshd
> (your must be from ports or something mine is from base)... [...]

It is. :-)



> [...] because the
> same section of the man page reads nothing like what you posted:
> 
>     AuthorizedKeysFile
>              Specifies the file that contains the public keys used for user
>              authentication.  The format is described in the AUTHORIZED_KEYS
>              FILE FORMAT section of sshd(8).  Arguments to
> AuthorizedKeysFile
>              accept the tokens described in the TOKENS section.  After
>              expansion, AuthorizedKeysFile is taken to be an absolute path
> or
>              one relative to the user's home directory.  Multiple files may
> be
>              listed, separated by whitespace.  Alternately this option may
> be
>              set to none to skip checking for user keys in files.  The
> default
>              is ".ssh/authorized_keys .ssh/authorized_keys2".

I assume the documentation source listed there will tell you
roughly the same. Maybe the keys path wasn't constructed as
required?



-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...

More information about the freebsd-questions mailing list