Re: [suse-security] Per domain/host options for sshd?

[Wolfram Schlich <lists@xxxxxxxxxxx>]

* Frank Steiner <fsteiner-mail@xxxxxxxxxxxxxx> [2004-06-04 08:53]:
> [...]
> E.g., I would like to restrict the usage of authorized_keys files to certain
> "trusted" domains and disallow it from other domains.
> Does anyone know a way to do this?

$ man sshd
/AUTHORIZED_KEYS FILE FORMAT

But beware: when ther's a way for the corresponding user to modify
his ~/.ssh/authorized_keys, he could remove the corresponding entries.

So, the best bet would be setting something like

	AuthorizedKeysFile /etc/ssh/authorized_keys.%u

in /etc/ssh/sshd_config.
The corresponding user's authorized_keys would then be stored as

	/etc/ssh/authorized_keys.$USERNAME

and due to the permissions of /etc/ssh they wouldn't be writable to
the user.
-- 
Wolfram Schlich; Friedhofstr. 8, D-88069 Tettnang; +49-(0)178-SCHLICH

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here