Use of non-user readable (null password) private keys

Piete Brooks Piete.Brooks at cl.cam.ac.uk
Wed Mar 28 17:14:48 EST 2001


>> What I want is the *ABILITY* to have public `capabilities' which can
>> perform a fixed operation (e.g. prod a server) which is `harmless'. 
> You should consider using multiple keys with forced commands, i.e.
> have each user generate and supply the public key to you.

I have several hundred users.

We have an active security group who would understand such things.
We also have other users who have no reason to want to know about such things.
I do not want to administer all those keys.
They do not want to have to generate a new key each time a new facility is required.
I want **ALL** users to be able to do it.

> On the server enter the public keys into the authorized_keys{,2} file with
> restrictions:

I do not want restrictions.

> You can then lock individual users out without making everyone change key.

I do not want to.
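
The server-side half of the forced-command suggestion quoted above, as an added example that is not part of the original post: a Python audit that flags authorized_keys entries which lack a forced command or the forwarding/pty restrictions, which matters most for a passphrase-less key that many people hold. The key material, the /usr/local/bin/prod-server path and the function names are constructed for illustration.

```python
import re

KEY_TYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)$")
NO_FLAGS = {"no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding", "no-pty"}

def split_unquoted(text, seps):
    """Split on separator chars that sit outside double-quoted values."""
    token = r'(?:[^%s"]|"(?:\\.|[^"\\])*")+' % seps
    return re.findall(token, text)

def audit_line(line):
    """Return findings for one authorized_keys entry ([] means locked down)."""
    fields = split_unquoted(line.strip(), r"\s")
    if not fields or fields[0].startswith("#"):
        return []
    opts = {}
    if not KEY_TYPE.match(fields[0]):      # first field is the options list
        for opt in split_unquoted(fields[0], ","):
            name, _, value = opt.partition("=")
            opts[name.lower()] = value.strip('"')   # option names are case-insensitive
    findings = []
    if not opts.get("command"):
        findings.append("no forced command")
    if "restrict" not in opts:             # newer OpenSSH: "restrict" implies all no-* flags
        findings += sorted("missing " + f for f in NO_FLAGS - set(opts))
    return findings

def audit(text):
    """Map line number -> findings for entries that are not locked down."""
    checked = ((n, audit_line(l)) for n, l in enumerate(text.splitlines(), 1))
    return {n: f for n, f in checked if f}

# Constructed sample file: placeholder key blobs, hypothetical command path.
SAMPLE = r'''# shared "prod the server" capability keys
command="/usr/local/bin/prod-server",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAconstructed1 shared-prod-key
ssh-rsa AAAAconstructed2 unrestricted-key
command="echo \"a, b\"",no-pty ssh-rsa AAAAconstructed3 partly-restricted-key'''

if __name__ == "__main__":
    for lineno, findings in audit(SAMPLE).items():
        print(f"line {lineno}: {', '.join(findings)}")
```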




More information about the openssh-unix-dev mailing list