@mWare @lienrag every server I've managed for 10+ years gets this in sshd_config:
AuthorizedKeysFile /etc/ssh-keys/%u
the files in /etc/ssh-keys are not writable by the users. give me the keys; they get put in there manually or by automation (ansible, chef, whatever)
edit: it wouldn't be awful to let users edit those files with sudo, but that opens a whole new can of worms
@passthejoe @lienrag @mWare learned this at a security job, and we had a script that ran to pull everyone's ssh keys out of LDAP and write them to those files. So you could self-manage your keys and they'd get onto servers within a few minutes
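As an added example (not code from the post or its replies), here is a Python sketch of the sync script the reply describes, with the LDAP lookup replaced by a constructed dict and the target directory passed as a parameter instead of hard-coding /etc/ssh-keys. It keeps only lines that parse as real authorized_keys entries (text key type, base64 blob, and the type inside the blob agreeing), refuses login names that could escape the directory AuthorizedKeysFile points at, and atomically writes a 0644 file that is chowned to root only when the script itself runs as root.

```python
import base64
import os
import re
import tempfile
from pathlib import Path

# One authorized_keys entry: optional options, key type, base64 blob, optional comment.
KEY_RE = re.compile(
    r"(?:^|\s)(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(?:256|384|521)|"
    r"sk-ssh-ed25519@openssh\.com)\s+([A-Za-z0-9+/]+={0,2})(?=\s|$)"
)
# %u expands to the login name, so only accept names that cannot leave the key directory.
USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")

def parse_key_line(line):
    """Return (type, blob) for a well-formed entry, else None (junk never reaches sshd)."""
    m = KEY_RE.search(line.strip())
    if not m:
        return None
    ktype, blob = m.groups()
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError:  # binascii.Error is a ValueError: bad characters or padding
        return None
    n = int.from_bytes(raw[:4], "big")
    if raw[4:4 + n] != ktype.encode():  # wire-format type must agree with the text type
        return None
    return ktype, blob

def write_user_keys(keydir, username, lines):
    """Atomically replace <keydir>/<username> with the valid keys; returns how many were kept."""
    if not USERNAME_RE.match(username):
        raise ValueError(f"refusing unsafe username {username!r}")
    keydir = Path(keydir)
    keydir.mkdir(mode=0o755, exist_ok=True)
    kept = [ln.strip() for ln in lines if parse_key_line(ln)]
    fd, tmp = tempfile.mkstemp(dir=keydir, prefix=f".{username}.")
    with os.fdopen(fd, "w") as fh:
        fh.write("".join(k + "\n" for k in kept))
    os.chmod(tmp, 0o644)                # world-readable, writable only by the owner
    if os.geteuid() == 0:
        os.chown(tmp, 0, 0)             # the automation runs as root; users never own these files
    os.replace(tmp, keydir / username)  # rename is atomic, so sshd never reads a half-written file
    return len(kept)

def fake_ed25519_line(seed, comment):
    """Structurally valid ssh-ed25519 entry built from a constant (constructed sample, not a real key)."""
    raw = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes([seed]) * 32
    return f"ssh-ed25519 {base64.b64encode(raw).decode()} {comment}"
```

In the real script the dict of lines per login name would come from the LDAP query; everything after that point is the same.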