[openSSH] home dir shared between users

Hi there,

I have searched the net but found nothing to help me; hopefully
someone has mercy and gives me a hint.
Following problem:

I have a host (Debian GNU/Linux) which allows sftp/scp access via user
accounts set up to use ssh (only public key auth allowed) and scponlyc
(chrooted version!) as login shell.

This all works nice and fine, but there is one glitch in the setup.
All users share one common home directory. All public keys are stored
in the same .ssh/authorized_keys file. The users have no permissions
to change this file nor anything important for the functioning of
the chroot.
They only share some directories to share/upload data.

Problem now is that every user can use his ssh key *but* could use
the username of a different user to login as the users all share
the same home directory.

So my question is whether there is a different method in openSSH to
link the username to a specific key instead of

   <users home dir>/.ssh/authorized_keys

Ideally this would be something like the 'from' statement which is used
to restrict access from specific hosts with a specific key.

My search revealed nothing, the only workaround I can think of atm is to
create a separate home dir in the chroot for every user and do a bind mount
into the home dir for all shared directories.

Thanks in advance


Re: [openSSH] home dir shared between users

Hi there,

You shouldn't have a common home directory between users.  Instead
create a separate home directory for each user and put an authorized_keys
(with a single key) and a symlink to the actual data directory there.

  /var/scpusers/   Directory containing data to download
  /var/scpupload/  Common upload directory

  /home/someuser/.ssh/authorized_keys  Holding a single auth key
  /home/someuser/pub                   Symlink to /var/scpusers
  /home/someuser/upload                Symlink to /var/scpupload

If you use useradd(8) to create users, then you can predefine this
directory structure in /etc/skel/, and then create users with something
like this:

  useradd -m USERNAME

You'll still need to create the authorized_keys file manually in a
separate step.
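
The layout from this reply as a script, as an added example that is not part of the original post: it installs exactly one key per account and creates the two symlinks. The function names and the key-file argument are assumptions; the paths in the usage comment are the ones given above.

```shell
#!/bin/sh
# Added example: per-user home with a single key, so a key only matches
# the account whose home it lives in. Names here are hypothetical.
#
# Usage (as root, after 'useradd -m someuser'; someuser.pub is a placeholder):
#   install_scp_home /home/someuser someuser.pub /var/scpusers /var/scpupload

# install_scp_home HOME PUBKEY_FILE PUB_TARGET UPLOAD_TARGET
install_scp_home() {
    home=$1; keyfile=$2; pub_target=$3; upload_target=$4

    [ -d "$home" ] && [ -r "$keyfile" ] || return 1

    # Exactly one non-blank, non-comment line: one account, one key.
    nkeys=$(awk 'NF && $1 !~ /^#/ { n++ } END { print n + 0 }' "$keyfile") || return 1
    if [ "$nkeys" != 1 ]; then
        echo "refusing: $keyfile holds $nkeys keys, expected 1" >&2
        return 1
    fi

    # Readable by the account, writable only by the owner; sshd's
    # StrictModes rejects group- or world-writable key paths.
    mkdir -p "$home/.ssh" || return 1
    chmod 755 "$home/.ssh" || return 1
    # Overwrite rather than append, so a stale key never survives a re-run.
    awk 'NF && $1 !~ /^#/' "$keyfile" > "$home/.ssh/authorized_keys" || return 1
    chmod 644 "$home/.ssh/authorized_keys" || return 1

    # Links to the shared data; under a chroot the targets must exist
    # inside it for the links to resolve.
    ln -sfn "$pub_target" "$home/pub" || return 1
    ln -sfn "$upload_target" "$home/upload" || return 1
}

# keys_in HOME: number of keys accepted for the account that owns HOME.
keys_in() {
    awk 'NF && $1 !~ /^#/ { n++ } END { print n + 0 }' "$1/.ssh/authorized_keys"
}
```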


Re: [openSSH] home dir shared between users

* Ertugrul Soeylemez wrote:

Yes, I realized this after thinking about it. Sadly, I first implemented
the described setup...

Anyway thanks a lot for your help.


Re: [openSSH] home dir shared between users

Well, either that, or just have a single remote user that everyone uses,
and keep track of the actual identity of the user by means of
environment= and/or command= options in his key.

--Per Hedeland
