Need help with SSH
I'm running Debian etch on my fileserver. I have SSH running and configured for public key authentication and passwords disabled. What I want is to be authenticated via keys and not have to enter the user password. The problem is that it allows me to log in as any user. As long as the key exists in /etc/ssh/authorized_keys, it will allow the connection and as any user specified.
Obviously I've messed something up. But I've gone over the FAQs and docs and I'm missing where it talks about how to tie specific keys to specific users. It should see by the key I provide that it is only valid for my user account. When my friend uses his key, it should see that it is only valid for his user account. How do I configure it in that way?
OK, I think I may have solved my own problem.
I edited /etc/ssh/sshd_config and noticed that I had AuthorizedKeysFile set to /etc/ssh/authorized_keys. I changed it to .ssh/authorized_keys.
Then I put my public key into my .ssh/authorized_keys, and put my friend's into his .ssh/authorized_keys.
I have tested it and I can log in as me, but not as him. So this seems to work. I'm not missing anything, am I?
Nope, that just about sums it up.
Strict mode on is also a good thing to set. SSH then requires strict permissions on your home and .ssh directory.
What was happening before was:
ssh was validating the user
then it was looking for a valid key to the server
It doesn't match a key to a user per se, so any matching pair can log in.
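Added example, not part of the thread: a small shell check for the two settings discussed above, an AuthorizedKeysFile that points every account at one shared file, and StrictModes turned off. The function names `sshd_value` and `audit_sshd_config` are hypothetical, the sample config is constructed, and the sketch assumes whitespace-separated `Keyword value` lines and ignores `Match` blocks.

```shell
#!/bin/sh
# Added example: audit an sshd_config for a shared key file and StrictModes.

# Print the value of a keyword. Keywords are case-insensitive and the first
# occurrence in the file is the one sshd uses.
sshd_value() {  # $1 = keyword, $2 = config file
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$2"
}

audit_sshd_config() {  # $1 = path to an sshd_config file; returns 1 on findings
    status=0
    keys=$(sshd_value AuthorizedKeysFile "$1")
    # With no setting, sshd's default is per-user: .ssh/authorized_keys in each home.
    for path in ${keys:-.ssh/authorized_keys}; do
        case "$path" in
            *%h*|*%u*|*%U*) ;;   # token expands to a different file per user
            /*) echo "SHARED: AuthorizedKeysFile $path is one file for all accounts"
                status=1 ;;
            *)  ;;               # relative path: resolved under each user's home
        esac
    done
    strict=$(sshd_value StrictModes "$1")
    case "$(printf '%s' "${strict:-yes}" | tr 'A-Z' 'a-z')" in
        no) echo "WEAK: StrictModes no skips ownership and permission checks"
            status=1 ;;
    esac
    return $status
}

# Constructed sample reproducing the configuration described in the thread.
sample=$(mktemp)
printf '%s\n' 'PasswordAuthentication no' \
    'AuthorizedKeysFile /etc/ssh/authorized_keys' > "$sample"
audit_sshd_config "$sample" || echo "findings reported (exit status $?)"
rm -f "$sample"
```

Point it at the live file with `audit_sshd_config /etc/ssh/sshd_config`; an absolute path such as `/etc/ssh/keys/%u` passes because the `%u` token still gives each account its own file.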