splitting big authorized_keys files
mike808
mike808 at users.sourceforge.net
Thu Aug 28 05:48:07 EST 2003
What about this:

1. Break up your current file into multiple files containing only keys
based on the first two letters of the user name, as you suggested
earlier.
2. Put them into a directory
3. Create symbolic (or hard) links for each username to their
respective authorized_keys file.
4. Specify the path to your authorized_keys "forest" in the server
configuration value AuthorizedKeysFile and use the %u token as a suffix.

The server uses the authorized_keys file selected by the user name.
This file is actually a link to the (smaller) chunk of the old
authorized_keys file.

This effectively uses the filesystem as your "database", and the
only "index" available is the username, unfortunately.

Whether the filesystem finding the username "entry" in a directory
of 1500 "files", and then performing the key lookup (albeit in a
smaller file), is faster than SSH looking up the key in the larger
authorized_keys file, only you can decide.

It's not a "great" way to do this, but it could work. The authorized_keys
files get more manageable, but then the directory you put them in
gets more unmanageable with all of the user links in it.
HTH,
Mike/
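
The four steps above as a shell sketch. This is an added example, not part of the original post; it assumes each key's trailing comment has the form user@host, and the directory /etc/ssh/authorized_keys.d and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: the last field of every key line is "user@host".
#
# Step 4, in sshd_config (%u expands to the login name; path is hypothetical):
#   AuthorizedKeysFile /etc/ssh/authorized_keys.d/%u

# split_keys SRC DEST: steps 1-3. Run as root so chunks and links are root-owned.
split_keys() (
    src=$1 dest=$2
    umask 022                      # chunks must not be group/world-writable
    # Refuse to append to an existing layout (would duplicate keys).
    mkdir -p "$dest" && mkdir "$dest/.chunks" || exit 1
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        comment=${line##* }        # last field = key comment
        case $comment in *@*) ;; *) continue ;; esac
        user=${comment%%@*}
        # Only plain login names: blocks "../", dots and leading dashes,
        # so a crafted comment cannot create links outside $dest.
        case $user in
            ''|-*|*[!a-z0-9_-]*) echo "skipped: $comment" >&2; continue ;;
        esac
        prefix=$(printf '%s' "$user" | cut -c1-2)
        printf '%s\n' "$line" >> "$dest/.chunks/$prefix"   # step 1 and 2
        ln -sf ".chunks/$prefix" "$dest/$user"             # step 3
    done < "$src"
)

# keys_accepted_for DEST USER: number of keys sshd would read for USER,
# i.e. every key in the chunk the user's link points to.
keys_accepted_for() ( grep -c . "$1/$2" )
```

Every key in a chunk is accepted for every username linked to that chunk, so keys_accepted_for reports more than the user's own keys whenever two usernames share a prefix.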