- [openSSH] home dir shared between users
- Lars Wilke
February 5, 2006, 7:19 pm
I have searched the net but found nothing to help me, hopefully
someone has mercy and gives me a hint.
I have a host (Debian GNU/Linux) which allows sftp/scp access via user
accounts set up to use ssh (only public key auth allowed) and scponlyc
(chrooted version!) as login shell.
This all works nice and fine, but there is one glitch in the setup.
All users share one common home directory. All public keys are stored
in the same .ssh/authorized_keys file. The users have no permissions
to change this file nor anything important for the functioning of
They only share some directories to share/upload data.
Problem now is that every user can use his ssh key *but* could use
the username of a different user to login as the users all share
the same home directory.
So my question is whether there is a different method in openSSH to
link the username to a specific key instead of
<users home dir>/.ssh/authorized_keys
Ideally this would be something like the 'from' statement which is used
to restrict access from specific hosts with a specific key.
My search revealed nothing, the only workaround I can think of atm is to
create a separate home dir in the chroot for every user and do a bind mount
into the home dir for all shared directories.
Thanks in advance
- Ertugrul Soeylemez
February 5, 2006, 11:15 pm
Re: [openSSH] home dir shared between users
You shouldn't have a common home directory between users. Instead
create a separate home directory for each user and put an authorized_keys
(with a single key) and a symlink to the actual data directory there.
    /var/scpusers/                         Directory containing data to download
    /var/scpupload/                        Common upload directory
    /home/someuser/.ssh/authorized_keys    Holding a single auth key
    /home/someuser/pub                     Symlink to /var/scpusers
    /home/someuser/upload                  Symlink to /var/scpupload
If you use useradd(8) to create users, then you can predefine this
directory structure in /etc/skel/, and then create users with something
    useradd -m USERNAME
You'll still need to create the authorized_keys file manually in a
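
An added example, not part of either post above: a shell audit for the condition this thread is about, reporting accounts that share a home directory and counting the keys in an authorized_keys file. The function names are hypothetical, and the account names, paths (including the scponlyc shell path) and key strings are constructed sample data.

```sh
#!/bin/sh
# Added example; account names, paths and keys are constructed sample data.

# Print "home<TAB>user1,user2" for each home directory that more than one
# account in a passwd(5)-format file points at.
shared_homes() {
    awk -F: '
        $0 !~ /^#/ && NF >= 7 {
            users[$6] = (users[$6] == "" ? $1 : users[$6] "," $1)
            count[$6]++
        }
        END {
            for (h in count)
                if (count[h] > 1) printf "%s\t%s\n", h, users[h]
        }
    ' "$1" | sort
}

# Count key entries in an authorized_keys file, ignoring blank lines and
# comments. More than one entry means several key holders can authenticate
# under the same account name.
key_count() {
    [ -f "$1" ] || { echo 0; return; }
    grep -Ev '^[[:space:]]*(#|$)' "$1" | wc -l | tr -d ' '
}

# Constructed sample: alice and bob share one home, carol has her own.
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
alice:x:1001:1001::/home/shared:/usr/sbin/scponlyc
bob:x:1002:1002::/home/shared:/usr/sbin/scponlyc
carol:x:1003:1003::/home/carol:/usr/sbin/scponlyc
EOF
cat > "$demo_dir/authorized_keys" <<'EOF'
# constructed placeholder keys, not real key material
ssh-rsa AAAAB3CONSTRUCTED1 alice@example
ssh-rsa AAAAB3CONSTRUCTED2 bob@example
EOF

shared_homes "$demo_dir/passwd"
echo "keys in shared authorized_keys: $(key_count "$demo_dir/authorized_keys")"
rm -rf "$demo_dir"
```

On a real host, point `shared_homes` at /etc/passwd and `key_count` at each account's authorized_keys; with the per-user layout from the reply, the first prints nothing and the second prints 1 for every account.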