This is sort of what I have implemented. We are a service bureau for other state agencies. To prevent the agencies from using each other's keys and improving separation I set each agency's key in an HFS user directory with the agency having exclusive permission to that directory.
This causes us to maintain more keys, but my experience with key management across multiple agencies/users makes this worthwhile.

Ruddy A. Melancon
IT System Specialist - ISD
State of Alabama
Suite 102
64 North Union Street
Montgomery, AL 36130
Office 334.353.7275
Fax 334.240.3177

When the only tool you have is a hammer, every problem begins to resemble a nail.

-----Original Message-----
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Mark Post
Sent: Tuesday, July 24, 2007 2:51 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: OpenSSH and 'HostBased' Authentication

>>> On Tue, Jul 24, 2007 at 2:46 PM, in message <[EMAIL PROTECTED]>, Larry Ploetz <[EMAIL PROTECTED]> wrote:
> Mark Post wrote:
>>>>> On Fri, Jul 20, 2007 at 5:54 PM, in message <[EMAIL PROTECTED]>,
>>>>> Larry Ploetz <[EMAIL PROTECTED]> wrote:
>> -snip-
>>> in your sshd_config file, to keep them all in one place. Then you could
>>> allow/prevent users from updating their own authorized_keys. Or even put
>>> all authorized keys for all users in one file (replace the "%u" with a
>>> static file name).
>>
>> I would think that this last suggestion would allow any user to log in as
>> any other user. Probably not a good idea.
>
> Only if they had the corresponding key half, which was the point IIRC.

But, they _would_ have the private key half of their pair, and if they did "ssh -l somebodyelse ipaddr" then SSH would locate the corresponding public key, do the handshake, and say "yep, you're them!" and let you in. Only if you broke the keys for each user out into a separate file would things work the way you state (because SSH wouldn't be able to find the public key in the other user's file), but then you wouldn't have them all in one place.

> I was confused, by the way, why anyone would want to put an entry in every
> users authorize_keys file to allow anyone with the other half (stated as
> `root', but if anyone got a copy, then anyone) to log in as them -- why

If someone gets hold of the root user's private key (and passphrase), it doesn't matter what you do on the server. That person can do whatever root can do.

> not just su/"sudo -u" to the target userid? Why add additional potential

Personally, I wouldn't do it. But if you did it, it would probably be for the reason that scripting a lot of things just works easier/more clearly if you sign in as the user directly.

Mark Post

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
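The file-lookup point Mark makes in the thread (a single shared authorized_keys file lets any key holder log in as any user, while a per-user path does not) can be shown with a small model of how sshd expands the AuthorizedKeysFile setting. The following Python is an added example and not code from the thread or from OpenSSH: the user names, home directories and key strings are constructed sample data, the %u/%h/%% tokens are the documented sshd_config tokens, and the key matching is a simplification of what sshd really does (it compares key type and blob and ignores options and comments).

```python
"""Model of sshd's AuthorizedKeysFile lookup, to show why one shared file
lets any key holder log in as any user while a per-user path does not.
Added example; user names, paths and key strings are constructed."""
import posixpath


def expand_authorized_keys_file(template: str, user: str, home: str) -> str:
    """Expand the sshd_config AuthorizedKeysFile tokens %u, %h and %%.
    A relative result is taken relative to the user's home, as sshd does."""
    out, i = [], 0
    while i < len(template):
        ch = template[i]
        if ch == "%":
            tok = template[i + 1] if i + 1 < len(template) else ""
            if tok == "u":
                out.append(user)
            elif tok == "h":
                out.append(home)
            elif tok == "%":
                out.append("%")
            else:
                raise ValueError(f"unsupported token %{tok!r} in AuthorizedKeysFile")
            i += 2
        else:
            out.append(ch)
            i += 1
    path = "".join(out)
    return path if path.startswith("/") else posixpath.join(home, path)


def is_per_user_template(template: str) -> bool:
    """True when the path varies by login name (%u) or home (%h), i.e. is not shared."""
    return "%u" in template or "%h" in template


def key_authorizes_login(template, files, homes, target_user, presented_key):
    """Would a client holding `presented_key` pass public-key auth as target_user?
    `files` maps absolute path -> authorized_keys contents (a stand-in for the disk).
    Matching compares key type and base64 blob; options and comments are ignored."""
    path = expand_authorized_keys_file(template, target_user, homes[target_user])
    want = presented_key.split()[:2]
    for line in files.get(path, "").splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # allow one options field before the key type (e.g. no-pty or from="...")
        for start in (0, 1):
            if fields[start:start + 2] == want:
                return True
    return False


# Constructed sample data (not real users or keys).
HOMES = {"alice": "/home/alice", "bob": "/home/bob"}
ALICE_KEY = "ssh-ed25519 AAAAC3ALICEKEYCONSTRUCTED alice@example"
BOB_KEY = "ssh-ed25519 AAAAC3BOBKEYCONSTRUCTED bob@example"

# Variant 1: the "%u" replaced with a static file name, all keys in one place.
SHARED_TEMPLATE = "/etc/ssh/authorized_keys"
SHARED_FILES = {SHARED_TEMPLATE: ALICE_KEY + "\n" + BOB_KEY + "\n"}

# Variant 2: the default per-user layout, one file per login.
PER_USER_TEMPLATE = ".ssh/authorized_keys"
PER_USER_FILES = {
    "/home/alice/.ssh/authorized_keys": ALICE_KEY + "\n",
    "/home/bob/.ssh/authorized_keys": BOB_KEY + "\n",
}

if __name__ == "__main__":
    for name, tpl, files in (("shared", SHARED_TEMPLATE, SHARED_FILES),
                             ("per-user", PER_USER_TEMPLATE, PER_USER_FILES)):
        ok = key_authorizes_login(tpl, files, HOMES, "bob", ALICE_KEY)
        print(f"{name}: alice's key logging in as bob -> {'ALLOWED' if ok else 'denied'}")
```

Running the block shows the shared layout accepting alice's key for a login as bob and the per-user layout rejecting it; `is_per_user_template` is the one-line check to run against the `AuthorizedKeysFile` value in an sshd_config before adopting a "keep them all in one place" layout.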