Say I have an account on my remote server, storage, that users can upload data to and download data from. I add the SSH keys of the allowed users manually to /home/storage/.ssh/authorized_keys. Now, I have two users that use different public SSH keys, Watson and Sherlock.
How can I make sure that Watson cannot upload to/download from Sherlock's private gallery? Is it possible to define file/folder permissions based on the SSH key that was used to authenticate?
I thought about a restricted shell program that is set as the storage user's shell. But how can this restricted shell find out what SSH key was used?
You can try using the command option in the /home/storage/.ssh/authorized_keys file, with a restricted shell, like this:
command="cd /home/storage/watson && rbash" ssh-rsa AAAAB3...2Z <- watson's public key
command="cd /home/storage/sherlock && rbash" ssh-rsa AAAAB4...R5 <- sherlock's public key
Now the user will get a restricted shell in a subdirectory depending on which private key is used.
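The same idea with one shared forced command that receives the key owner's name as an argument, shown as an added example that is not part of the original answer. The script name storage-gate, its path and the `restrict,pty` options are assumptions; like the answer, it offers only an interactive rbash session and refuses any command the client sends.

```sh
#!/bin/sh
# storage-gate (hypothetical name): forced command shared by every key.
# authorized_keys lines (constructed; key material elided as on the page):
#   command="/usr/local/bin/storage-gate watson",restrict,pty ssh-rsa AAAAB3...2Z
#   command="/usr/local/bin/storage-gate sherlock",restrict,pty ssh-rsa AAAAB4...R5
# sshd runs the command= string of the key that matched, so "$1" is chosen
# by the server-side file, never by the client.

STORAGE_ROOT="${STORAGE_ROOT:-/home/storage}"

# Print the directory for a key label, or fail.
# Labels may contain only a-z and 0-9, so "/" and "." can never appear
# and "../sherlock" cannot be turned into a path.
gate_dir() {
    label="$1"
    case "$label" in
        ""|*[!a-z0-9]*) return 1 ;;
    esac
    dir="$STORAGE_ROOT/$label"
    # Must be a real directory, not a symlink into someone else's area.
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1
    printf '%s\n' "$dir"
}

# Entry point for a login. Anything the client asked to run arrives in
# SSH_ORIGINAL_COMMAND and is refused rather than interpreted.
gate_main() {
    dir=$(gate_dir "$1") || { echo "storage-gate: unknown key label" >&2; return 1; }
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        echo "storage-gate: remote commands are not allowed" >&2
        return 1
    fi
    cd "$dir" || return 1
    exec rbash
}

# Start a session only when installed and invoked under its own name.
case "${0##*/}" in
    storage-gate) gate_main "$@" ;;
esac
```

Both keys still log in as the same storage UNIX user, so the separation rests on rbash and the PATH it is given, not on file ownership.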