[oclug] Rsync and SSH
rjordan at student.math.uwaterloo.ca
Tue Mar 19 15:09:54 EST 2002
> Sorry, I don't read oclug on a regular basis so it sometimes takes me a
> while to respond.
> If I understand, you're trying to prevent users from using keys, except for
> some users? You could try creating their authorized_keys files owned by
> root, so that they can't edit/modify them. For that to work, you probably
> have to edit the sshd_config file as well, and change the default key
> location. If it was still their home directory, they could "rm -rf .ssh",
> and recreate it on you.
> There may be a better way, that's all I could think of at the moment though.
I thought of doing this; but it makes administration and auditing a
bit of a pain. We ended up using two daemons on two ports -- one
with PublicKey for a subset of users specified in the configuration
file and the other with password auth only. I wish the configuration
file allowed more granularity in restricting authentication on a per user
and per host basis.
"Trying to make bits uncopyable is like trying to make water not wet.
The sooner people accept this, and build business models that take
this into account, the sooner people will start making money again".
-- Bruce Schneier
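
The two approaches discussed in this thread (root-owned key files outside the home directory, and two daemons on two ports) sketched as sshd_config fragments. This is an added example, not configuration from the original posters; the file paths, port 2222, PID file names and the user names alice and bob are assumptions. The commented-out section at the end shows how current OpenSSH releases express the same per-user split in one daemon with Match blocks.

```conf
# --- /etc/ssh/sshd_config_password (assumed path): password-only daemon ---
# Started with: sshd -f /etc/ssh/sshd_config_password
Port 22
PidFile /var/run/sshd_password.pid
PasswordAuthentication yes
PubkeyAuthentication no

# --- /etc/ssh/sshd_config_pubkey (assumed path): key-only daemon ---
# Started with: sshd -f /etc/ssh/sshd_config_pubkey
Port 2222
PidFile /var/run/sshd_pubkey.pid
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
# Only the listed accounts (constructed names) may log in on this port.
AllowUsers alice bob
# Keys are read from a root-owned directory instead of ~/.ssh, so a user
# cannot "rm -rf .ssh" and recreate the file. %u expands to the user name.
# Each file is owned by root, mode 0644, so the user can read but not edit it.
AuthorizedKeysFile /etc/ssh/authorized_keys/%u

# --- Single-daemon alternative with Match blocks (current OpenSSH) ---
# Global default: passwords only.
#PasswordAuthentication yes
#PubkeyAuthentication no
# Per-user override: keys only for the chosen accounts.
#Match User alice,bob
#    PubkeyAuthentication yes
#    PasswordAuthentication no
#    AuthorizedKeysFile /etc/ssh/authorized_keys/%u
```

Running `sshd -t -f <file>` against each file checks its syntax before the daemon is restarted.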