Linux

Did you know that SSH can match “things”? I sure didn’t!

Tonight I wanted to grant SSH access to a service account that didn’t have a home directory, but was required to use keyauth. After a bit of research on the internet I added a new config file to /etc/ssh/sshd_config.d.

Match Group homeless
  AuthorizedKeysFile /etc/ssh/authorized-keys/%u

%u automatically resolves to the current user.

I also needed to create the group homeless and add my service account to it. And, of course, I also needed to add the public key to the referenced file above. (So, if your service account is called pinkie, you’ll need to add the key to
/etc/ssh/authorized-keys/pinkie).