regarding the patch to support multiple authorizedkeysfile configuration choices for sshd [0]:
AuthorizedKeysFile currently is not supported by the Match keyword. If
this feature of multiple AuthorizedKeysFile entries was supported, it
would be ambiguous for use within a Match block (e.g. would a new
AuthorizedKeysFile within a Match be a replacement for the generic
AuthorizedKeysFile, or would it be in addition to?).
Martin Krafft's proposal for an authorized_keys directory [1] would
permit system configuration of the type Bastian is proposing through the
use of symlinks like this:
mkdir /etc/ssh/authorized_keys/user17
ln -s ~user17/.ssh/authorized_keys /etc/ssh/authorized_keys/user17/
and set:
AuthorizedKeysFile /etc/ssh/authorized_keys/%u
This would allow future inclusion of AuthorizedKeysFile in a Match block
(as an unambiguous override of other settings).
--dkg
[0] http://bugs.debian.org/560148
[1] http://bugs.debian.org/481251
signature.asc
Description: OpenPGP digital signature
