[openSSH] home dir shared between users - SSH


  1. [openSSH] home dir shared between users

    Hi there,

    I have searched the net but found nothing to help me; hopefully
    someone has mercy and gives me a hint.
    Following problem:

    I have a host (Debian GNU/Linux) which allows sftp/scp access via user
    accounts set up to use ssh (only public key auth allowed) and scponlyc
    (chrooted version!) as login shell.

    This all works nice and fine, but there is one glitch in the setup.
    All users share one common home directory. All public keys are stored
    in the same .ssh/authorized_keys file. The users have no permissions
    to change this file or anything important for the functioning of
    the chroot.
    They only share some directories to share/upload data.

    Problem now is that every user can use his ssh key *but* could use
    the username of a different user to log in, as the users all share
    the same home directory.

    So my question is whether there is a different method in openSSH to
    link the username to a specific key instead of

    /.ssh/authorized_keys

    Ideally this would be something like the 'from' statement which is used
    to restrict access from specific hosts with a specific key.

    My search revealed nothing; the only workaround I can think of atm is to
    create a separate home dir in the chroot for every user and do a bind mount
    into the home dir for all shared directories.


    Thanks in advance

    --lars

  2. Re: [openSSH] home dir shared between users

    Hi there,

    You shouldn't have a common home directory between users. Instead
    create a separate home directory for each user and put an authorized_keys
    (with a single key) and a symlink to the actual data directory there.
    Example:

    /var/scpusers/                         Directory containing data to download
    /var/scpupload/                        Common upload directory

    /home/someuser/.ssh/authorized_keys    Holding a single auth key
    /home/someuser/pub                     Symlink to /var/scpusers
    /home/someuser/upload                  Symlink to /var/scpupload

    If you use useradd(8) to create users, then you can predefine this
    directory structure in /etc/skel/, and then create users with something
    like this:

    useradd -m USERNAME

    You'll still need to create the authorized_keys file manually in a
    separate step.

    Regards.
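
An audit for the condition discussed above, added here as an example that is not part of the thread: it lists accounts that share a home directory whose .ssh/authorized_keys holds keys. The function names, the sample accounts and keys, and the scponlyc path are constructed; sshd's default AuthorizedKeysFile location is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes sshd's default AuthorizedKeysFile,
# i.e. .ssh/authorized_keys under each account's home directory.

# shared_homes PASSWD_FILE -> "home:count:user1,user2" for every home directory
# that more than one account points at.
shared_homes() {
    awk -F: '
        !/^#/ && NF >= 7 {
            n[$6]++
            users[$6] = (users[$6] == "" ? $1 : users[$6] "," $1)
        }
        END { for (h in n) if (n[h] > 1) print h ":" n[h] ":" users[h] }
    ' "$1" | sort
}

# count_keys FILE -> number of key entries (comments and blank lines skipped).
count_keys() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -Evc '^[[:space:]]*(#|$)' "$1" || true
}

# audit PASSWD_FILE [ROOT] -> one SHARED line per shared home that has keys.
# Every key in that file authenticates each of the listed accounts.
# ROOT is an optional prefix for the home paths (e.g. a chroot or test tree).
audit() {
    shared_homes "$1" | while IFS=: read -r home count users; do
        keys=$(count_keys "${2:-}$home/.ssh/authorized_keys")
        [ "$keys" -gt 0 ] || continue
        echo "SHARED home=$home accounts=$users keys=$keys"
    done
}

# demo: run the audit over a constructed passwd file and home tree.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/shared/.ssh" "$t/home/carol/.ssh"
    printf '%s\n' 'alice:x:1001:1001::/home/shared:/usr/bin/scponlyc' \
        'bob:x:1002:1002::/home/shared:/usr/bin/scponlyc' \
        'carol:x:1003:1003::/home/carol:/usr/bin/scponlyc' > "$t/passwd"
    printf '%s\n' '# constructed keys' 'ssh-ed25519 AAAA-constructed-1 alice' \
        'ssh-ed25519 AAAA-constructed-2 bob' > "$t/home/shared/.ssh/authorized_keys"
    echo 'ssh-ed25519 AAAA-constructed-3 carol' > "$t/home/carol/.ssh/authorized_keys"
    audit "$t/passwd" "$t"
    rm -rf "$t"
}

demo
```

On a live host, `audit /etc/passwd` runs the same check against the real accounts; after moving to one home directory per user it should print nothing.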

  3. Re: [openSSH] home dir shared between users

    * Ertugrul Soeylemez wrote:
    > You shouldn't have a common home directory between users. Instead


    Yes, I realized this after thinking about it. Sadly, I first implemented
    the described setup...

    Anyway thanks a lot for your help.

    --lars

  4. Re: [openSSH] home dir shared between users

    In article <4ssmb3-pkk.ln1@root-home-bla-stuff.de> Lars Wilke
    writes:
    >* Ertugrul Soeylemez wrote:
    >> You shouldn't have a common home directory between users. Instead

    >
    >Yes, I realized this after thinking about it. Sadly, I first implemented
    >the described setup...


    Well, either that, or just have a single remote user that everyone uses,
    and keep track of the actual identity of the user by means of
    environment= and/or command= options in his key.

    --Per Hedeland
    per@hedeland.org
