Re: Multiple authorized_keys2 files or how to achieve same effect.

Hello,

For sure i am far away from the kind of answer you hope; but why not use 
differents users and let each user use sudo ? it will be easier for you 
isn't it ? and to remove a user access you just have to do  "userdel"...

Good luck

Guillaume Vissian
Président de l'Association d'Audit de Sécurité
53, rue de Grenelle
75007 Paris

Jeremy Eder wrote:

> My situation:  multiple admins needing root on hundreds of boxes.
>
> Currently:  using pubkeyauth on openssh (mostly bsd but linux and
> solaris too)
>
> Goal:  ease add/remove of credentials from machines (one-off or globally
> in our network)
>
> Each server may have a completely different (and still valid) list of
> users in the authkeys2 file.
>
> Instead of getting messy with sed/cat/grep...I began to research if it
> was possible to have multiple authorized_keys2 files, or at least be
> able to put directives to separate public key files in the global
> authorized_keys2.  This would make the management of my setup much
> easier...
>
> Something like...
>
> AuthorizedKeysFile .ssh/authorized_keys2
> AuthorizedKeysFile .ssh/user1
> AuthorizedKeysFile /ssh/user2
>
> Etc etc...
>
> Then I can control access to the box simply by creating or deleting that
> file and one line in the conf.
>
> Am I looking in the right direction ?  I haven't yet discovered a way to
> do this under openssh; however .ssh/authorization under ssh2 seems to
> provide the exact feature I am thinking of.  Not an option...
>
> Is this possible ?  Is there some other practice that is more accepted
> that I'm not aware of ?
>
> Thanks for your help.
>
>