
SSH config has a matching function

a factory showing an conveyor splitting belt, sorting keys on one lane and tiny broken metal pieces on the other, photo realistic

Did you know that SSH can match “things”? I sure didn’t!

Tonight I wanted to grant SSH access to a service account that didn't have a home directory but was required to use key authentication. After a bit of research on the internet, I added a new config file to /etc/ssh/sshd_config.d:

Match Group homeless
  AuthorizedKeysFile /etc/ssh/authorized-keys/%u

%u is expanded by sshd to the name of the user who is logging in.

I also needed to create the group homeless and add my service account to it. And, of course, I also needed to add the public key to the file referenced above. (So, if your service account is called pinkie, you'll need to add the key to /etc/ssh/authorized-keys/pinkie.)
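With StrictModes on (the sshd default), a key file is ignored if it or a directory above it has the wrong owner or is group- or world-writable. The function below is an added example, not part of the original post, that approximates that check for a central key file like the one above; the name check_keys_path and its arguments are hypothetical, and it assumes GNU coreutils stat.

```shell
#!/bin/sh
# Added example: approximate sshd's StrictModes path check for a key file
# stored outside any home directory.
# Usage: check_keys_path FILE [ALLOWED_UID] [STOP_DIR]
#   FILE         key file, e.g. /etc/ssh/authorized-keys/pinkie
#   ALLOWED_UID  uid allowed to own path components besides root (default 0)
#   STOP_DIR     highest directory to inspect, inclusive (default /)
# Assumes GNU coreutils stat(1). Prints every problem; returns 1 if any.
check_keys_path() {
    file=$1 uid=${2:-0} stop=${3:-/}
    bad=0
    if [ ! -f "$file" ]; then
        echo "FAIL $file: missing or not a regular file"
        return 1
    fi
    p=$file
    while :; do
        # -L follows symlinks, as sshd's own stat() call does
        owner=$(stat -L -c %u -- "$p") || return 1
        mode=$(stat -L -c %a -- "$p") || return 1
        if [ "$owner" != 0 ] && [ "$owner" != "$uid" ]; then
            echo "FAIL $p: owned by uid $owner"
            bad=1
        fi
        # 022 = write bit for group and for others
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "FAIL $p: mode $mode is group- or world-writable"
            bad=1
        fi
        if [ "$p" = "$stop" ] || [ "$p" = / ] || [ "$p" = . ]; then
            break
        fi
        p=$(dirname -- "$p")
    done
    return "$bad"
}

# When run as a script with arguments, check the given path.
if [ "$#" -gt 0 ]; then
    check_keys_path "$@"
fi
```

Leaving ALLOWED_UID at its default accepts only root-owned paths, which also keeps the service account from editing its own key file.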

Lastly, if you are on Windows and use WSL to access a Linux server with key authentication, I can only advise copying your private key to a folder inside WSL instead of using the mounted Windows drive at /mnt/c/%something. I was not able to restrict access to the private key file on the Windows drive in any way that was accepted by the ssh daemon. Copying the file to ~/.ssh/%something and restricting it (chmod 700) worked in the end.


Oh, by the way, look at this: On my way to find a feature image for this post I stumbled upon a few funny variants.

Create an eye-catching feature image that captures the essence of SSH empowerment through ‘Match’ and key authentication. Think about visually representing the seamless integration between user groups, file paths, and the dynamic functionality of SSH. Consider incorporating elements like keys, groups, and server connections to convey the theme effectively. Let your creativity flow!

Craft an imaginative feature image that illustrates the concept of SSH group matching for access control. Consider visual elements like group formations, secure pathways, and server connections to depict the dynamic nature of SSH configuration. Infuse creativity into the imagery to capture the essence of unlocking access possibilities through group matching in SSH. Let your imagination run wild!

illustrate the concept of SSH group matching for access control. Consider visual elements like group formations, secure pathways, and server connections to depict the dynamic nature of SSH configuration, photo realistic

Neither the current feature image, nor these examples actually match what I thought of while writing this post. But I’m still happy that I’m able to generate images like this with a click of a few buttons :)

Author
jwb
Something-ops during the day, nowadays mostly asleep during the night.