From: VeeJay
Date: Sat, 20 Jan 2007 17:53:16 +0100
To: "Matthew Seaman", derek@computinginnovations.com, FreeBSD-Questions
Subject: Re: SSH2 question?

Right... But I am not running any FTP server..... user is getting login by
SSH/SFTP..... would I have to change the user's login configuration or what?

Thanks
/VJ

On 1/20/07, Matthew Seaman wrote:
>
> VeeJay wrote:
> > Hello
> >
> > I have two questions, please comment...
> >
> > 1. Can one user have more than one public_keys i.e. multiple public_keys?
>
> Yes.
>
> > If yes to above, would all be stored at users path like /home/username/.ssh
>
> That would be the usual way of doing things, but there is no restriction
> on where you can put keys, other than the requirement that the location
> is sufficiently well secured that keys cannot be modified by anyone other
> than the owner or root.
>
> Note that ssh will by default look for private keys in ${HOME}/.ssh/id_dsa
> and ${HOME}/.ssh/id_rsa -- if you keep private keys in other files,
> you'll need to tell ssh that by using the '-I' flag on the command line
>
> *public* keys are different. Public keys and the authorized_keys
> file must be stored relative to the home directory of the account they
> are being used to access. Well, you generally keep a copy of the public
> key with the corresponding private key for reference -- unless it is
> in the authorized_keys file it doesn't have any effect. The restrictions
> on who can modify the authorized_keys file are strict.
>
> > If yes, to above, would all public keys be written at the same line
> > for option in ssh_config file "AuthorizedKeysFile"?
>
> You can certainly add as many public keys as you want to an authorized
> keys file. Basically that says that the owner of the public key
> corresponding to one of those public keys is permitted to log into that
> account.
>
> > AuthorizedKeysFile .ssh/user_authorized_keys
>
> Note that this location is relative to the home directory of the account
> that is being logged into. The assumption is that each userid has a
> separate home directory. If you made a number of accounts and had them
> all share the same home directory, then the authorized keys file would
> permit login to any of the accounts using that home directory (assuming
> you could satisfy sshd's requirements about filesystem permissions)
>
> > 2. What about other users who also have SSH account, How to identify in
> > ssh_config file that which public_key belongs to which user?
>
> You wouldn't use the ssh_config file for that. There's a comment field
> at the end of a SSH public key which you can set to whatever value you
> want. ssh-keygen defaults to username@hostname, but you can just edit
> the file and change it to whatever you want, so long as it is all on one
> line.
>
> Cheers,
>
> Matthew
>
>
> --
> Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
>                                                       Flat 3
> PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
>                                                       Kent, CT11 9PW
>
>
>

--
Thanks!

BR / vj
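
An added example, not part of the original thread: a Python sketch that lists every key in an authorized_keys file with its fingerprint and trailing comment field, and applies the "only the owner or root may modify it" rule from the quoted reply as a permission check. The key blobs, comments, option values and helper names are constructed for illustration, and the check is a simplified reading of that rule, not sshd's own code.

```python
import base64, hashlib, os, struct

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256"}

def constructed_blob(seed):
    """Build a syntactically valid ssh-ed25519 blob (constructed, not a real key)."""
    name, key = b"ssh-ed25519", bytes([seed]) * 32
    return struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key

def parse_authorized_keys(text):
    """Return one dict per key line: key type, SHA256 fingerprint, comment."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options, if present, come before the key type. Simplification: this
        # assumes no quoted option value contains a bare key-type word.
        idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(fields):
            continue  # not a key line
        blob = base64.b64decode(fields[idx + 1])
        digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
        entries.append({
            "type": fields[idx],
            "fingerprint": "SHA256:" + digest,
            "comment": " ".join(fields[idx + 2:]),  # free text, identifies the key
        })
    return entries

def modifiable_by_others(path, owner_uid):
    """True if someone other than the owner or root could modify path."""
    st = os.stat(path)
    return st.st_uid not in (0, owner_uid) or bool(st.st_mode & 0o022)

# Constructed sample: two keys for one account, told apart by their comments.
B64 = [base64.b64encode(constructed_blob(n)).decode() for n in (1, 2)]
SAMPLE = (
    "# keys allowed to log in to this account\n"
    f"ssh-ed25519 {B64[0]} vj@laptop\n"
    f'from="192.0.2.10",no-pty ssh-ed25519 {B64[1]} vj@office backup key\n'
)

if __name__ == "__main__":
    for e in parse_authorized_keys(SAMPLE):
        print(e["fingerprint"], e["type"], e["comment"])
```

The same permission check applies to each directory between the file and the account's home directory, so a real audit would call `modifiable_by_others` on those as well.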