Created attachment 3028 [details] sshd_config: allow directories in AuthorizedKeysFile= This patch enhances AuthorizedKeysFile= to accept directory paths in addition to single files. It provides an include semantics similar to `.d` / `run-parts(8)` approach, offering a consistent way for different entities to add public keys to a given account without single-file contention.
Gentle ping for a review.
As I got no answers so far, this is another gentle ping for a review.
We're late in preparations for the 7.6 release. We'll look at this after
I guess this fell off the radar, but I'm still considering having this feature implemented and I'll be happy to go through a patch review.
You can always use "AuthorizedKeysCommand", which will point to your script that will pull the keys from all the files in specific directory. I am not sure if this is needed. It would make it all more complex, though it would be a nice addition.
Hi Damien, This is another item we are looking at that we'd like to use for our new CoreOS efforts. We could use the AuthorizedKeysCommand workaround as Jakub suggested in the short term, but we do think it would be better in the long term if AuthorizedKeysFile= could accept directories. Would it be possible to evaluate if this is likely or unlikely to be accepted long term? Thanks!
I forgot to add a link for context: https://github.com/coreos/fedora-coreos-tracker/issues/139
Comment on attachment 3028 [details] sshd_config: allow directories in AuthorizedKeysFile= Comments about the patch authorized-keys-d.patch It seems all file operations are done as the priviledged user. It would be more secure to change identity to the login user before doing this. An example of changing identity can be seen in the function user_key_allowed2() in the file ssh/auth2-pubkey.c at the line: temporarily_use_uid(pw);
Regarding the order of files from readdir(): It seems readdir() has no guaranty about order: https://stackoverflow.com/questions/8977441/does-readdir-guarantee-an-order I think the order could influence how access is given by the server if multiple keys allow access in different ways. Because of that it would make sense to define an order in which the files are read. For simplicity I would suggest alphabetical order. Some limits are probably needed regarding the maximum number of authorized files and the maximum filename length. Maybe those numbers could be configurable. The allowed set of characters in the filenames should probably also be limited. To make the alphabetical ordering easy to understand one could limit the allowed characters to be for instance a-z or maybe a bit more generous: a-z 0-9 _
Created attachment 3411 [details] sshd_config: allow directories in AuthorizedKeysFile= Patch v2
Thanks for the feedback! I've rebased and updated the patch to a v2 based on the comments above, please take a look. I'm also keeping it mirrored at https://github.com/openssh/openssh-portable/pull/70, in case that makes it easier for review.
ssh-key-dir <https://github.com/coreos/ssh-key-dir> was implemented as a workaround for the missing ~/.ssh/authorized_keys.d support. It runs as an AuthorizedKeysCommand and has been shipping in Fedora CoreOS by default for a couple years now.