Public-Key-Based Configuration
To set up public-key authentication in your account on an SSH server machine, you create an authorization file, typically called authorized_keys (OpenSSH) or authorization (Tectia), and list the keys that provide access to your account. [2.4] Well, we’ve been keeping a secret. Your authorization file can contain not only keys, but also other keywords or options to control the SSH server in powerful ways. We will discuss:
The full format of an authorization file
Forced commands for limiting the set of programs that the client may invoke on the server
Restricting incoming connections from particular hosts
Setting environment variables for remote programs
Setting an idle timeout so that clients will be forcibly disconnected if they aren’t sending data
Disabling or placing limits on certain features of the incoming SSH connection, such as port forwarding and tty allocation
As we demonstrate how to modify your authorization file, remember that the file is consulted by the SSH server only at authentication time. Therefore, if you change your authorization file, only new connections will use the new information. Any existing connections are already authenticated and won’t be affected by the change.
Also remember that an incoming connection request won’t reach your authorization file if the SSH server rejects it for other reasons, namely, failing to satisfy the serverwide configuration. If a change to your authorization file doesn’t seem to be having an effect, make ...
Get SSH, The Secure Shell: The Definitive Guide, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
