Date: Sat, 20 Jan 2007 17:53:16 +0100 From: VeeJay <maanjee@gmail.com> To: "Matthew Seaman" <m.seaman@infracaninophile.co.uk>, derek@computinginnovations.com, FreeBSD-Questions <freebsd-questions@freebsd.org> Subject: Re: SSH2 question? Message-ID: <2cd0a0da0701200853w10e87152oe0e23bbf8dc22f14@mail.gmail.com> In-Reply-To: <45B1F3EB.2050602@infracaninophile.co.uk> References: <2cd0a0da0701192320l5b64fee3l50f88977306d3b57@mail.gmail.com> <45B1F3EB.2050602@infracaninophile.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Right...
But I am not running any FTP server..... user is getting login by
SSH/SFTP.....
would i have to change the user's login configruation or what?
Thanks
/VJ
On 1/20/07, Matthew Seaman <m.seaman@infracaninophile.co.uk> wrote:
>
> VeeJay wrote:
> > Hello
> >
> > I have two questions, please comment...
> >
> > 1. Can one user have more than one public_keys i.e. multiple
> public_keys?
>
> Yes.
>
> > If yes to above, would all be stored at users path like
> /home/username/.ssh
>
> That would be the usual way of doing things, but there is no restriction
> on where you can put keys, other than the requirement that the location
> is sufficiently well secured that keys cannot be modified by anyone other
> than the owner or root.
>
> Note that ssh will by default look for private keys in ${HOME}/.ssh/id_dsa
> and ${HOME}/.ssh/id_rsa -- if you keep private keys in other files,
> you'll need to tell ssh that by using the '-I' flag on the command line
>
> *public* keys are different. Public keys and the authorized_keys
> file must be stored relative to the home directory of the account they
> are being used to access. Well, you generally keep a copy of the public
> key with the corresponding private key for reference -- unless it is
> in the authorized_keys file it doesn't have any effect. The restrictions
> on who can modify the authorized_keys file are strict.
>
> > If yes, to above, would all public keys be written at the same line
> > for option in ssh_config file "AuthorizedKeysFile"?
>
> You can certainly add as many public keys as you want to an authorized
> keys file. Basically that says that the owner of the public key
> corresponding to one of those public keys is permitted to log into that
> account.
>
> > AuthorizedKeysFile .ssh/user_authorized_keys
>
> Note that this location is relative to the home directory of the account
> that is being logged into. The assumption is that each userid has a
> separate home directory. If you made a number of accounts and had them
> all share the same home directory, then the authorized keys file would
> permit login to any of the accounts using that home directory (assuming
> you could satisfy sshd's requirements about filesystem permissions)
>
> > 2. What about other users who also have SSH account, How to indentify in
> > ssh_config file that which public_key belongs to which user?
>
> You wouldn't use the ssh_config file for that. There's a comment field
> at the end of a SSH public key which you can set to whatever value you
> want. ssh-keygen defaults to username@hostname, but you can just edit
> the file and change it to whatever you want, so long as it is all on one
> line.
>
> Cheers,
>
> Matthew
>
>
> --
> Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
> Flat 3
> PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
> Kent, CT11 9PW
>
>
>
>
--
Thanks!
BR / vj
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2cd0a0da0701200853w10e87152oe0e23bbf8dc22f14>