作为我上一个问题的跟进,我决定如下创建本地用户帐户。
adduser --system --no-create-home USERNAME
现在,我希望本地用户能够使用来访问计算机ssh。根据我的理解,其ssh工作原理如下。
假设我有2台机器(例如alpha和beta)。
ssh user@beta~/.ssh/authorized_keys在beta机中。/~/.ssh在alpha机器中。现在,我已经计划实施没有回家的用户。因此,假设我adduser进入没有任何用户家园的Beta机器,我是否仍然可以从alpha转换为beta?
Answers:
~/.ssh/只是sshd用于查找传入用户的公共密钥的默认位置。您可以sshd通过修改中的AuthorizedKeysFile指令 来配置位置和要查找的文件/etc/ssh/sshd_config。我的当前看起来像:
AuthorizedKeysFile %h/.ssh/authorized_keys
该sshd_config手册页提供了更多的细节:
AuthorizedKeysFile
Specifies the file that contains the public keys that can be used for user authentication. The format is
described in the AUTHORIZED_KEYS FILE FORMAT section of sshd(8). AuthorizedKeysFile may contain tokens of
the form %T which are substituted during connection setup. The following tokens are defined: %% is
replaced by a literal '%', %h is replaced by the home directory of the user being authenticated, and %u is
replaced by the username of that user. After expansion, AuthorizedKeysFile is taken to be an absolute
path or one relative to the user's home directory. Multiple files may be listed, separated by whitespace.
The default is “.ssh/authorized_keys .ssh/authorized_keys2”.
请注意,这sshd对于用户authorized_key文件的权限非常重要。如果您进行了设置并遇到登录问题,则需要密切注意日志。
AuthorizedKeysFile可能会破坏其他所有用户的登录(除非您做其他一些聪明事)。仅使用即可添加最小主目录可能更容易~/.ssh/authorized_keys。