
chroot and own public keys

Status
Not open for further replies.

mw9999

Technical User
Nov 5, 2002
27
GB
Can anybody help?

I have created a chroot environment on a Fedora Linux box for sftp.
The user logs on and accepts the server public key and he is dropped into a chroot environment.

I want to take this a stage further.

I want to use different public keys with different users.

I have created a .ssh folder in the user's account and I have 2 files in this folder: authorized_key, id_rsa_1024_openssh.pub.

But I cannot get the user to select their own public key.

Has anybody got any ideas, or can someone point me in the right direction?




Many Thanks
 
Doing this will achieve what exactly? Are you trying to do a user certificate authentication model?


--== Anything can go wrong. It's just a matter of how far wrong it will go till people think it's right. ==--
 
Different server public keys are useless. Either you don't understand the purpose of the server key or you are not explaining what you need to do correctly.

The server key, after it is accepted the first time, guarantees that the server you're connecting to is the same as the server you accepted the key from. Having multiple server keys accomplishes nothing beyond that.
 
I can only assume that he might be trying to create a scenario where users are validated based on their user certificate/key to access the server.


--== Anything can go wrong. It's just a matter of how far wrong it will go till people think it's right. ==--
 
Sorry if I have misled you, but I am new to the workings of Linux.

I have been asked to set up an sftp server for the small company I work for, and I thought it would be a good way to learn Linux.

We have about 6 customers who wish to connect to it with sftp.

At least 3 of these want to use their own public key authentication.

I have set up a chroot environment using openssh for one account and created a .ssh folder, copied over their public key as per previous post.

When I try and log on to test this account, I only get my normal public key figure print the same as any of the other accounts.

Am I doing something wrong? If so, can someone point to a good resource to find the answer?

Many thanks
 
"When I try and log on to test this account, I only get my normal public key figure print the same as any of the other accounts."

Your English was so excellent until this, the most important sentence in your post, which doesn't make any sense. "my normal public key figure print"?

Your public key or the server public key? They are different, and your public key shouldn't print, but the checksum of the server public key should print if you haven't accepted and stored it.

Is each user's home directory in /etc/passwd set to the chroot directory containing their personal .ssh directory? It must be if sshd is to find the correct keys.
 
Sorry for the typo; the sentence should say "prompt", and yes, it is the server public key prompt.

The user defaults to a folder the next level down from the .ssh (chroot) folder in the password file.

I will change this tomorrow.

Thanks for all the help.
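
The home-directory question raised in this thread can be checked mechanically. The following is an added example, not code from any poster: it resolves each account's home directory from a passwd file and reports whether sshd would find a key file there under the OpenSSH defaults. The account names, paths, and the `ROOT_PREFIX` argument are constructed for illustration.

```shell
# Added example, not from the thread. Under the OpenSSH default
# (AuthorizedKeysFile .ssh/authorized_keys) sshd looks for a user's keys
# relative to the home directory recorded in the passwd file.

# check_user_keys PASSWD_FILE USER [ROOT_PREFIX]
# Prints one status word; returns 0 only when a usable key file is found.
# ROOT_PREFIX is a hypothetical argument so the check can run on a copy.
check_user_keys() {
    passwd_file=$1; user=$2; prefix=${3:-}
    # Field 6 of a passwd entry is the home directory.
    home=$(awk -F: -v u="$user" '$1 == u { print $6; exit }' "$passwd_file")
    [ -n "$home" ] || { echo "no-such-user"; return 2; }
    sshdir="$prefix$home/.ssh"
    [ -d "$sshdir" ] || { echo "no-ssh-dir"; return 1; }
    keys="$sshdir/authorized_keys"
    if [ ! -f "$keys" ]; then
        # A differently named file is not read under the default setting.
        if [ -f "$sshdir/authorized_key" ]; then echo "misnamed-file"
        else echo "no-authorized-keys"; fi
        return 1
    fi
    # StrictModes (default yes) refuses group- or world-writable key files.
    if [ -n "$(find "$keys" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "bad-perms"; return 1
    fi
    echo "ok"
}

# make_sample_tree: builds a constructed layout in a temp dir, prints its path.
make_sample_tree() {
    t=$(mktemp -d)
    for u in cust1 cust2 cust3 cust4; do mkdir -p "$t/chroot/$u/.ssh"; done
    mkdir -p "$t/etc" "$t/chroot/cust1/upload"
    cat > "$t/etc/passwd" <<'EOF'
cust1:x:1001:1001::/chroot/cust1/upload:/sbin/nologin
cust2:x:1002:1002::/chroot/cust2:/sbin/nologin
cust3:x:1003:1003::/chroot/cust3:/sbin/nologin
cust4:x:1004:1004::/chroot/cust4:/sbin/nologin
EOF
    for u in cust1 cust2 cust4; do
        echo "ssh-rsa CONSTRUCTED-KEY $u" > "$t/chroot/$u/.ssh/authorized_keys"
        chmod 600 "$t/chroot/$u/.ssh/authorized_keys"
    done
    echo "ssh-rsa CONSTRUCTED-KEY cust3" > "$t/chroot/cust3/.ssh/authorized_key"
    chmod 666 "$t/chroot/cust4/.ssh/authorized_keys"
    echo "$t"
}
```

On a server, `check_user_keys /etc/passwd USER` checks a real account; against the sample tree, cust1 (home set one level below the .ssh folder) reports `no-ssh-dir`.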


 