
Can we use wildcard to have multiple paths while mentioning "AuthorizedKeysFile" in sshd_config?


I want to have one public key per authorized key file.

Example:

In the dir %h/.ssh/

  • For person A, separate file A_authorized_key containing public key for A
  • For person B, separate file B_authorized_key containing public key for B

ls %h/.ssh/ will give:

  • A_authorized_key
  • B_authorized_key

I know we can write both public keys in authorized_keys file, and it will work like a charm, but due to some reason I want it to be in separate files.

So can we write AuthorizedKeysFile %h/.ssh/* ?

Can we achieve this?


Solution

  • No. You cannot use wildcards in the AuthorizedKeysFile. You can use multiple files, but not wildcards.

    AuthorizedKeysFile

    Specifies the file that contains the public keys used for user authentication. ...

    But you can create a script, that will pick all these keys and give them to the ssh, which will run it as AuthorizedPrincipalsCommand and AuthorizedKeysCommandUser:

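    # AuthorizedKeysCommand is the directive that AuthorizedKeysCommandUser applies to;
    # with no arguments given, sshd passes the target user name to the script
    AuthorizedKeysCommand /path/to/script
    AuthorizedKeysCommandUser root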
    

    and the script can look like this:

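    #!/bin/bash
    # $1 is the user name passed by sshd; eval expands ~user to that user's home
    DIR="~${1}/.ssh/*"
    # print every file the wildcard matches
    cat $(eval echo $DIR)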
    

    But note that your wildcard also matches the private keys of the user, and it is never a good idea to touch these keys.
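
A narrower variant of the script above, as an added example that is not part of the original answer: it reads only the `*_authorized_key` files from the question, resolves the home directory without `eval`, and skips symlinks and any file holding private-key material. The install path `/usr/local/sbin/per-person-keys` and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the answer. Assumed install path: /usr/local/sbin/per-person-keys
# (sshd requires the program to be root-owned, not group/world-writable, absolute path).
# sshd_config:
#   AuthorizedKeysCommand /usr/local/sbin/per-person-keys %u
#   AuthorizedKeysCommandUser root

# Resolve the home directory of account $1 without eval.
home_of() {
    case $1 in
        # Reject empty names, option-like names and any unexpected character.
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    getent passwd "$1" | cut -d: -f6
}

# Print the key lines of every *_authorized_key file in directory $1.
emit_keys_from_dir() {
    for f in "$1"/*_authorized_key; do
        # Skip an unmatched glob, symlinks and non-regular files.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        # Never forward a file that holds private-key material.
        if grep -q 'PRIVATE KEY' "$f"; then continue; fi
        # Drop comments and blank lines; sshd parses the rest as authorized_keys lines.
        grep -Ev '^[[:space:]]*(#|$)' "$f" || true
    done
}

# Entry point: sshd calls the script with the user name (%u) as $1.
if [ "$#" -ge 1 ]; then
    home=$(home_of "$1") || exit 1
    [ -n "$home" ] || exit 1
    emit_keys_from_dir "$home/.ssh"
fi
```

Because the command runs as root, the symlink check keeps a user from pointing a `*_authorized_key` name at a file elsewhere on the system and having root read it.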