How to configure a custom authorized_keys file location for one particular user?
Environment
- Red Hat Enterprise Linux 6
- openssh-5.3p1-104.el6_6.1
Issue
- How to configure a custom authorized_keys file location for one particular user?
Resolution
- From the man page of sshd_config:
Only a subset of keywords may be used on the lines following a Match keyword. Available keywords are AllowAgentForwarding, AllowTcpForwarding, Banner, ChrootDirectory, ForceCommand, GatewayPorts, GSSAPIAuthentication, HostbasedAuthentication, KbdInteractiveAuthentication, KerberosAuthentication, KerberosUseKuserok, MaxAuthTries, MaxSessions, PubkeyAuthentication, AuthorizedKeysCommand, AuthorizedKeysCommandRunAs, PasswordAuthentication, PermitEmptyPasswords, PermitOpen, PermitRootLogin, RequiredAuthentications1, RequiredAuthentications2, RhostsRSAAuthentication, RSAAuthentication, X11DisplayOffset, X11Forwarding and X11UseLocalHost.
- Directive 'AuthorizedKeysFile' is not allowed within a Match block.
- This feature is available in upstream openssh 5.6 and later.
- Latest version of openssh we ship in RHEL 6 is: openssh-5.3p1-104.el6_6.1. Hence this feature is not available with the openssh version in RHEL 6.
- NOTE: RHEL 7 "openssh-6.4p1-8.el7" has this feature.
Diagnostic Steps
- Added entry as below in /etc/ssh/sshd_config:
    Match User logread2
    AuthorizedKeysFile /home/logread2keys/.ssh/authorized_keys
- On sshd service restart it gives the error:
    "/etc/ssh/sshd_config line 17: Directive 'AuthorizedKeysFile' is not allowed within a Match block"
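A pre-restart check for the error above, as an added example (not Red Hat's or OpenSSH's code): it flags every directive inside a Match block that is missing from the keyword list quoted from the man page. The function names, the sample configuration and the output wording (modelled on the sshd message) are assumptions of this example.

```shell
#!/bin/sh
# Keywords the sshd_config man page quoted above permits after a Match line.
ALLOWED_IN_MATCH="AllowAgentForwarding AllowTcpForwarding Banner \
ChrootDirectory ForceCommand GatewayPorts GSSAPIAuthentication \
HostbasedAuthentication KbdInteractiveAuthentication KerberosAuthentication \
KerberosUseKuserok MaxAuthTries MaxSessions PubkeyAuthentication \
AuthorizedKeysCommand AuthorizedKeysCommandRunAs PasswordAuthentication \
PermitEmptyPasswords PermitOpen PermitRootLogin RequiredAuthentications1 \
RequiredAuthentications2 RhostsRSAAuthentication RSAAuthentication \
X11DisplayOffset X11Forwarding X11UseLocalHost"

# check_match_blocks FILE  (hypothetical helper, not an OpenSSH tool)
# Prints one line per disallowed directive found inside a Match block.
# Exit status: 1 if any were found, 0 otherwise.
check_match_blocks() {
    awk -v allowed="$ALLOWED_IN_MATCH" '
        BEGIN {
            n = split(allowed, kw, / +/)
            for (i = 1; i <= n; i++) ok[tolower(kw[i])] = 1
        }
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        {
            key = $1
            sub(/=.*/, "", key)          # tolerate the keyword=value form
            lkey = tolower(key)          # keywords are case-insensitive
            # A Match block runs until the next Match line or end of file.
            if (lkey == "match") { in_match = 1; next }
            if (in_match && !(lkey in ok)) {
                printf "%s line %d: Directive \047%s\047 is not allowed within a Match block\n", FILENAME, NR, key
                bad = 1
            }
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample that reproduces the entry from the Diagnostic Steps.
sample_config() {
    printf '%s\n' \
        'PubkeyAuthentication yes' \
        'Match User logread2' \
        '    AuthorizedKeysFile /home/logread2keys/.ssh/authorized_keys' \
        '    X11Forwarding no'
}

# Usage: check_match_blocks /etc/ssh/sshd_config
```

The keyword list is the one for the RHEL 6 package quoted above; on a release whose man page lists more keywords, the list has to be updated to match.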