LinuxQuestions.org - Possible to have multiple SSH accounts & clients using the same RSA key on server??

- Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)

- - Possible to have multiple SSH accounts & clients using the same RSA key on server?? (https://www.linuxquestions.org/questions/linux-server-73/possible-to-have-multiple-ssh-accounts-and-clients-using-the-same-rsa-key-on-server-630613/)

a2brute

03-25-2008 05:22 PM

Possible to have multiple SSH accounts & clients using the same RSA key on server??

I have a server with approximately 310 user accounts. Each account ties to a respective workstation. I would like to have each user on each workstation be able to ssh in to the server using the same RSA key. That way I only have to copy a single key file to each home directory on the server, and a single key file to each workstation.

As far as I understand, The key file in each user account on the server must contain the username and hostname from which they are loggin in. If there is an option I can configure so that it does not matter what the user name, or host name is, as long as the key in the file matches, that is what I need to know.

The project does not allow time for the individual configuration of RSA keys on each workstation and user account.

If anyone has experience with this, please let me know.

Thanks.

carltm

03-29-2008 06:36 AM

Keys do not need to have a username associated with them,
although it's not uncommon for keys to include optional
info, such as usernames, just to make it easy to remember
which key is which.

All you need to do is create a key for one test user
and make it work on the server. Typically this means
copying the public key into the user's .ssh/authorized_keys
file. Next copy the public key into another user's file,
copy the private key from the test user to another user's
computer and verify that it works.

One word of warning! Be aware that this setup will
allow any user with the shared key to log in as any
other user with the same key. In that sense, it's
a really bad idea. It would be better to create one
Linux account and have everyone share it than to have
many individual accounts without any certainty about
who is actually using a particular account.

a2brute

03-31-2008 12:25 PM

Thanks very much for the clarification. I had wrongly assumed that since the user and hostname was added to the key file upon creation, that it was mandatory info. This makes things much easier.

Also, thanks for the warning and suggestion regarding users being able to login in as other users. I'll keep that in mind.

Thankfully, in this particular setup, each client workstation has a scripted login and the workstation is highly locked down. So much that the user cannot run anything but a preset choice of 3 shell scripts, and a web browser. :D

Thanks again.

All times are GMT -5. The time now is 12:33 PM.