From: Aryeh Friedman
Date: Sat, 14 Sep 2019 07:36:26 -0400
Subject: Re: OT: My ssh authorized_keys doesn't work with nfs/nis
To: Polytropon
Cc: FreeBSD Mailing List

On Sat, Sep 14, 2019 at 7:21 AM Polytropon wrote:

> On Sat, 14 Sep 2019 07:09:17 -0400, Aryeh Friedman wrote:
> > I am using the default out of the box /etc/sshd_config for 11 and 12 that
> > has only two uncommented out configs:
> >
> > AuthorizedKeysFile .ssh/authorized_keys
> > Subsystem sftp /usr/libexec/sftp-server
> >
> > So unless I am reading the first one completely wrong then it uses
> > ~user/.ssh/authorized_keys which is what the ls above is of.
>
> From "man 5 sshd_config":
>
>      AuthorizedKeysFile
>              Specifies the file that contains the public keys that can be used
>              for user authentication.  AuthorizedKeysFile may contain tokens
>              of the form %T which are substituted during connection setup.
>              The following tokens are defined: %% is replaced by a literal
>              '%', %h is replaced by the home directory of the user being
>              authenticated, and %u is replaced by the username of that user.
>              After expansion, AuthorizedKeysFile is taken to be an absolute
>              path or one relative to the user's home directory.  The default
>              is ``.ssh/authorized_keys''.
>
> Maybe you can try to use "%h/.ssh/authorized_keys" or, if it applies,
> "/usr/home/%u/.ssh/authorized_keys" to check if this is a path problem?
>

Neither idea works and I don't think we are using the same version of sshd
(yours must be from ports or something, mine is from base)... because the
same section of the man page reads nothing like what you posted:

     AuthorizedKeysFile
             Specifies the file that contains the public keys used for user
             authentication.  The format is described in the AUTHORIZED_KEYS
             FILE FORMAT section of sshd(8).  Arguments to AuthorizedKeysFile
             accept the tokens described in the TOKENS section.  After
             expansion, AuthorizedKeysFile is taken to be an absolute path or
             one relative to the user's home directory.  Multiple files may be
             listed, separated by whitespace.  Alternately this option may be
             set to none to skip checking for user keys in files.  The default
             is ".ssh/authorized_keys .ssh/authorized_keys2".

>
>
>
> --
> Polytropon
> Magdeburg, Germany
> Happy FreeBSD user since 4.0
> Andra moi ennepe, Mousa, ...
>

-- 
Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
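
Added example (not part of the original message and not OpenSSH code): a small Python resolver for the AuthorizedKeysFile rules quoted in the two man page excerpts above, limited to the tokens %%, %h and %u named there. The function names, the user name and the home directories are assumptions made up for illustration.

```python
import posixpath

def expand_tokens(pattern, user, home):
    """Expand %%, %h and %u; any other token is rejected, not guessed at."""
    table = {"%": "%", "h": home, "u": user}
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch != "%":
            out.append(ch)
            i += 1
            continue
        if i + 1 >= len(pattern):
            raise ValueError("dangling '%' in " + repr(pattern))
        key = pattern[i + 1]
        if key not in table:
            raise ValueError("unsupported token %" + key)
        out.append(table[key])
        i += 2
    return "".join(out)

def resolve_authorized_keys(value, user, home):
    """Return the absolute paths an AuthorizedKeysFile value names for one user."""
    entries = value.split()          # multiple files, separated by whitespace
    if entries == ["none"]:          # "none" skips key files entirely
        return []
    paths = []
    for entry in entries:
        expanded = expand_tokens(entry, user, home)
        if not posixpath.isabs(expanded):
            # relative entries are taken relative to the user's home directory
            expanded = posixpath.join(home, expanded)
        paths.append(expanded)
    return paths

if __name__ == "__main__":
    candidates = (
        ".ssh/authorized_keys .ssh/authorized_keys2",   # newer default
        "%h/.ssh/authorized_keys",                      # suggestion 1
        "/usr/home/%u/.ssh/authorized_keys",            # suggestion 2
        "none",
    )
    # Constructed accounts: a local home and an NFS-style home.
    for user, home in (("alice", "/usr/home/alice"), ("alice", "/net/home/alice")):
        print(f"user={user} home={home}")
        for value in candidates:
            print(f"  {value!r:46} -> {resolve_authorized_keys(value, user, home)}")
```

When every candidate value resolves to the same file for the account in question, changing the setting cannot change which file is consulted.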