根据SSH密钥限制访问 [英] restrict access based on SSH key
问题描述
说,我在远程服务器storage
上有一个帐户,用户可以在其中上传和下载数据.我将允许用户的SSH密钥手动添加到/home/storage/.ssh/authorized_keys
.现在,我有两个使用不同公共SSH密钥的用户,Watson和Sherlock.
Say, I have an account on my remote server storage
where uses can upload and download data from. I add the SSH key of the allowed users manually to /home/storage/.ssh/authorized_keys
. Now, I have two users that use different public SSH keys, Watson and Sherlock.
我如何确保Watson无法上传或从Sherlocks私人画廊下载?是否可以根据用于身份验证的SSH密钥定义文件/文件夹权限?
How can I make sure that Watson can not upload to/download from Sherlocks private gallery? Is it possible to define file/folder permission based on the SSH key that was used to authenticate?
我想到了一个受限制的shell程序,该程序被设置为storage
用户的shell.但是,这种受限制的外壳程序如何找出使用了什么SSH密钥?
I thought about a restricted shell program that is set as the storage
user's shell. But how can this restricted shell find out what SSH key was used?
推荐答案
您可以尝试在/home/storage/.ssh/authorized_keys
文件中使用受限制外壳程序的command
选项,如下所示:
You can try using the command
option in the /home/storage/.ssh/authorized_keys
file, with a restricted shell, like this:
command="cd /home/storage/watson && rbash" ssh-rsa AAAAB3...2Z <- watson's public key
command="cd /home/storage/sherlock && rbash" ssh-rsa AAAAB4...R5 <- sherlock's public key
现在,根据所使用的私钥,用户将在子目录中获得受限制的外壳程序.
Now the user will get a restricted shell in a subdirectory depending on which private key is used.
这篇关于根据SSH密钥限制访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!