Re: SSH2 question?

2007-01-20 Thread Matthew Seaman
VeeJay wrote:
> Hello
>
> I have two questions, please comment...
>
> 1. Can one user have more than one public_keys i.e. multiple public_keys?

Yes.

> If yes to above, would all be stored at users path like /home/username/.ssh

That would be the usual way of doing things, but there is no restriction
on where you can put keys, other than the requirement that the location
is sufficiently well secured that keys cannot be modified by anyone other
than the owner or root.

Note that ssh will by default look for private keys in ${HOME}/.ssh/id_dsa
and ${HOME}/.ssh/id_rsa -- if you keep private keys in other files,
you'll need to tell ssh that by using the '-I' flag on the command line

*public* keys are different.  Public keys and the authorized_keys
file must be stored relative to the home directory of the account they
are being used to access.  Well, you generally keep a copy of the public
key with the corresponding private key for reference -- unless it is
in the authorized_keys file it doesn't have any effect.  The restrictions
on who can modify the authorized_keys file are strict.

> If yes, to above, would all public keys be written at the same line
> for option in ssh_config file AuthorizedKeysFile?

You can certainly add as many public keys as you want to an authorized
keys file.  Basically that says that the owner of the public key 
corresponding to one of those public keys is permitted to log into that
account. 

> AuthorizedKeysFile  .ssh/user_authorized_keys

Note that this location is relative to the home directory of the account
that is being logged into.  The assumption is that each userid has a
separate home directory.  If you made a number of accounts and had them
all share the same home directory, then the authorized keys file would
permit login to any of the accounts using that home directory (assuming
you could satisfy sshd's requirements about filesystem permissions).

> 2. What about other users who also have SSH account, How to identify in
> ssh_config file that which public_key belongs to which user?

You wouldn't use the ssh_config file for that.  There's a comment field 
at the end of an SSH public key which you can set to whatever value you
want.  ssh-keygen defaults to [EMAIL PROTECTED], but you can just edit
the file and change it to whatever you want, so long as it is all on one
line.

Cheers,

Matthew


-- 
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
  Kent, CT11 9PW
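
An added example, not part of the original message or of OpenSSH: a small Python audit that lists each key in an authorized_keys file by fingerprint and comment field, and flags any path between the key file and the home directory that someone other than the account owner or root could modify. The function names, the sample keys and the sample comments are constructed for illustration; the fingerprint is the SHA256 form that current ssh-keygen prints.

```python
import base64, hashlib, os, struct

def _decode(b64):
    """Return (key type named inside the blob, raw blob); (None, b"") if malformed."""
    try:
        blob = base64.b64decode(b64, validate=True)
        (n,) = struct.unpack(">I", blob[:4])
        return blob[4:4 + n].decode("ascii"), blob
    except (ValueError, struct.error):
        return None, b""

def parse_authorized_keys(text):
    """One dict per key line: options, type, SHA256 fingerprint, comment."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        for i, tok in enumerate(tokens[:-1]):
            name, blob = _decode(tokens[i + 1])
            if name == tok:  # key type followed by a blob naming the same type
                fp = base64.b64encode(hashlib.sha256(blob).digest()).decode()
                entries.append({"options": " ".join(tokens[:i]), "type": tok,
                                "fingerprint": "SHA256:" + fp.rstrip("="),
                                "comment": " ".join(tokens[i + 2:])})
                break
    return entries

def insecure_paths(keyfile, home, uid):
    """Paths from keyfile up to home that someone other than uid or root can modify."""
    bad, path, home = [], os.path.realpath(keyfile), os.path.realpath(home)
    while True:
        st = os.stat(path)
        if st.st_uid not in (0, uid) or st.st_mode & 0o022:
            bad.append(path)
        if path in (home, os.path.dirname(path)):
            break
        path = os.path.dirname(path)
    return bad

def _sample_blob(fill):  # constructed ssh-ed25519-shaped blob, not a real key
    raw = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([fill]) * 32
    return base64.b64encode(raw).decode()

SAMPLE = "\n".join([  # constructed authorized_keys content
    "ssh-ed25519 %s alice@laptop" % _sample_blob(1),
    'from="192.0.2.*",no-pty ssh-ed25519 %s alice backup key' % _sample_blob(2)])

if __name__ == "__main__":
    print([(e["fingerprint"], e["comment"]) for e in parse_authorized_keys(SAMPLE)])
```

The comment is free text chosen by whoever installed the key, so it helps an administrator label entries but is not proof of who holds the private key; the fingerprint is what to match against a key inventory.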





Re: SSH2 question?

2007-01-20 Thread Derek Ragona

Yes different keys for different hosts, stored below their home directory.

-Derek

At 01:20 AM 1/20/2007, VeeJay wrote:

> Hello
>
> I have two questions, please comment...
>
> 1. Can one user have more than one public_keys i.e. multiple public_keys?
>
> If yes to above, would all be stored at users path like /home/username/.ssh
>
> If yes, to above, would all public keys be written at the same line
> for option in ssh_config file AuthorizedKeysFile?
>
> AuthorizedKeysFile  .ssh/user_authorized_keys
>
> 2. What about other users who also have SSH account, How to identify in
> ssh_config file that which public_key belongs to which user?
>
> --
> Thanks!
>
> BR / vj
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to [EMAIL PROTECTED]



Re: SSH2 question?

2007-01-20 Thread VeeJay

Hello friends...

I really appreciate your kind help.

I have one more question...

Can I jail a user who logs in via SSH/SFTP to a location/directory other
than the user's $HOME directory?


Meaning, if the user's $HOME directory is like this

/home/alex

and the user is able to chdir upward...


but I want to limit/chroot the user to some other location like

/home/temp

and don't want the user to be able to chdir upward...

Thanks...

VJ




Re: SSH2 question?

2007-01-20 Thread Derek Ragona

Yes I have used vsftpd from the ports to do just that.

-Derek




Re: SSH2 question?

2007-01-20 Thread VeeJay

Right...

But I am not running any FTP server. The user is logging in via
SSH/SFTP.

Would I have to change the user's login configuration, or what?

Thanks

/VJ

