splitting big authorized_keys files

mike808 mike808 at users.sourceforge.net
Fri Aug 29 09:37:07 EST 2003


> So in other words Yes.. markus is right.. If you are Sarah you could
> log in as Thomas.

I see now. Yes. Sarah could issue an 'ssh thomas@server' and be in
like Flynn. Actually like Thomas. :=)

But I thought he had a monster keys file he wanted to break up, no?

> My understanding was the user himself has 15000+ keys.  Which is an insane
> amount of public keys to be managing for one user.=)

Hmm. Now I see (even better). In that case, figuring out a way to manage
the authorized_keys file really *is* the wrong answer.

Surely he should be learning instead, quite a bit more about forwarding
and ssh-agent, no?

If he really, really does have the problem of 15000+ systems that cannot
possibly trust each other and require their own unique keys, then he's got
even bigger problems trying to keep straight all of those passphrases.

And if the passphrases are _not_ unique, then there is no requirement that
the keys they protect be, no? He should work on consolidating keys,
enabling forwarding, and using agents.

Sorry about the diversion on solving a different problem... :=)

Mike/





More information about the openssh-unix-dev mailing list