Ram*_*esh 10 ssh key-authentication
As a follow-up to my previous question, I decided to create a local user account as follows.
adduser --system --no-create-home USERNAME
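Now, I want the local user to be able to use ssh. As I understand it, ssh works as follows.
Suppose I have 2 machines (say alpha and beta).
ssh user@beta
~/.ssh/authorized_keys on the beta machine.
/~/.ssh on the alpha machine.
Now I plan to go home-less for the user. So, assuming I do adduser without any user home on the beta machine, will I still be able to ssh into beta from alpha?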
Cre*_*eek 10
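~/.ssh/ is just the default location that sshd uses to look up the public keys of incoming users. You can configure the location and file that sshd looks in by modifying the AuthorizedKeysFile directive in /etc/ssh/sshd_config. Mine currently looks like: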
AuthorizedKeysFile %h/.ssh/authorized_keys
The sshd_config man page gives more detail:
AuthorizedKeysFile
Specifies the file that contains the public keys that can be used for user authentication. The format is
described in the AUTHORIZED_KEYS FILE FORMAT section of sshd(8). AuthorizedKeysFile may contain tokens of
the form %T which are substituted during connection setup. The following tokens are defined: %% is
replaced by a literal '%', %h is replaced by the home directory of the user being authenticated, and %u is
replaced by the username of that user. After expansion, AuthorizedKeysFile is taken to be an absolute
path or one relative to the user's home directory. Multiple files may be listed, separated by whitespace.
The default is “.ssh/authorized_keys .ssh/authorized_keys2”.
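Note that sshd is very picky about the permissions of the user's authorized_key file. If you set this up and have problems logging in, you will want to keep a close eye on your logs.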
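An added example, not part of the original answer: a Python script that expands an AuthorizedKeysFile value using only the tokens named in the man page excerpt, then walks the resulting path for the ownership and mode problems that make sshd refuse a key file. The user svc, the home /nonexistent, the location /etc/ssh/authorized_keys/%u and the exact rules of the permission walk are assumptions made for illustration.

```python
import os

# Tokens limited to those in the man page excerpt quoted above.
def expand_keys_path(pattern, user, home):
    """Expand %%, %h and %u, then resolve a relative result against home."""
    values = {"%": "%", "h": home, "u": user}
    out, i = [], 0
    while i < len(pattern):
        if pattern[i] == "%" and i + 1 < len(pattern):
            if pattern[i + 1] not in values:
                raise ValueError("unsupported token %" + pattern[i + 1])
            out.append(values[pattern[i + 1]])
            i += 2
        else:
            out.append(pattern[i])
            i += 1
    path = "".join(out)
    return path if os.path.isabs(path) else os.path.join(home, path)


def permission_problems(path, uid, home):
    """List reasons a StrictModes-style walk would refuse the key file.

    Assumption: the file and each parent directory, up to the home
    directory or /, must be owned by the user or root and must not be
    writable by group or others.
    """
    problems = []
    current, stop = os.path.realpath(path), os.path.realpath(home)
    while True:
        try:
            st = os.stat(current)
        except OSError as exc:
            problems.append(f"{current}: {exc.strerror}")
            break
        if st.st_uid not in (0, uid):
            problems.append(f"{current}: owned by uid {st.st_uid}")
        if st.st_mode & 0o022:
            problems.append(f"{current}: writable by group or others")
        if current == stop or current == os.path.dirname(current):
            break
        current = os.path.dirname(current)
    return problems


if __name__ == "__main__":
    # Constructed sample: a system user whose home directory does not exist.
    user, home = "svc", "/nonexistent"
    # The second pattern is a hypothetical location outside any home directory.
    for pattern in ("%h/.ssh/authorized_keys", "/etc/ssh/authorized_keys/%u"):
        path = expand_keys_path(pattern, user, home)
        print(pattern, "->", path, permission_problems(path, 0, home) or "ok")
```

Run it on the server with the user's real uid and home to see which path component is the one to fix before reading through the sshd logs.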