
Also, once you've got per-user encryption on ~/.ssh/authorized_keys you'll need some other mechanism for users to log in.

And don't think of having the users do their own backups - locking users' home directories means they won't be able to run their own cron jobs.



> Also, once you've got per-user encryption on ~/.ssh/authorized_keys you'll need some other mechanism for users to log in.

OpenSSH supports this through the AuthorizedKeysFile directive - it'd be quite simple for the homedir mounting tool to sync that file from the user's authorized_keys file on unmount.

You could also use SSH certificates, but that requires a CA - not ideal for the home user.


You can also store the file anywhere else, a la

    AuthorizedKeysFile /etc/ssh/authorized_keys/%u

(For example, /etc/ssh/authorized_keys/bob)
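
The unmount-time sync suggested in this thread, combined with the `AuthorizedKeysFile /etc/ssh/authorized_keys/%u` layout, as an added example that is not from any commenter or from OpenSSH. The function name, its arguments and the hook it would be called from are assumptions; it is meant to run as root just before the encrypted home is unmounted.

```shell
#!/bin/sh
# Added example (hypothetical helper): copy a user's authorized_keys out of
# the encrypted home into the directory sshd reads when sshd_config has
#   AuthorizedKeysFile /etc/ssh/authorized_keys/%u
# Usage: sync_authorized_keys USER HOME_DIR [DEST_DIR]

sync_authorized_keys() {
    user=$1 home=$2 dest_dir=${3:-/etc/ssh/authorized_keys}
    src=$home/.ssh/authorized_keys

    # The user name becomes a file name under dest_dir, so refuse anything
    # empty, dot-leading, or containing characters such as "/".
    case $user in
        ''|.*|*[!A-Za-z0-9._-]*)
            echo "refusing user name: $user" >&2
            return 2 ;;
    esac

    # This runs as root on user-controlled paths: accept only a regular
    # file reached without symlinks, so a link to some other root-readable
    # file is never copied into a world-readable location.
    if [ -L "$home/.ssh" ] || [ -L "$src" ] || [ ! -f "$src" ]; then
        echo "skipping $user: no regular $src" >&2
        return 1
    fi

    mkdir -p "$dest_dir" || return 1
    tmp=$(mktemp "$dest_dir/.$user.XXXXXX") || return 1

    # Write to a temp file and rename, so sshd never reads a partial file.
    # 0644 and owned by the caller (root in real use) satisfies StrictModes
    # while staying readable by the user sshd authenticates.
    if cat "$src" > "$tmp" && chmod 0644 "$tmp" \
        && mv -f "$tmp" "$dest_dir/$user"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}
```

The symlink checks are not atomic with the copy, so the hook should run only after the user's own processes have been stopped.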



