0

In a complex setup where a user is connected to a remote host using an authorized private key, there is a .ssh folder with user settings and keys related to the remote host.

Is it possible to disallow the connected user from reading the contents of the .ssh folder (which is essentially read to allow the current connection)?

One option that I can imagine (but do not yet know how to implement) is using a modified shell that disallows console access to the folder and also disallows running a real shell.

Another is to compose a chroot sandbox on login, but I am not sure how safe it can be for the purpose.

Any ideas appreciated.

  • How can the users manage their keys if they cannot access these files? – Michael Hampton Aug 31 '20 at 23:09
  • The user must be able to read each individual file (otherwise they're useless). Do you want to prevent the user from listing the `.ssh` dir, yet allowing them to read the files if they know precisely the file names? Or simply prevent the user from writing/modifying these files? – Déjà vu Sep 01 '20 at 01:57
  • Reading as well. For example, if .ssh contains keys that users should not access. For example, when access to the server is actually by role and not all particular users have a user account in PAM (and no external account management is available) – Robert Navado Sep 01 '20 at 13:46

1 Answer

0

I am assuming that you want to restrict the user's access to .ssh to prevent the proliferation of authorized_keys files.

Check out https://keyper.dbsentry.com (full disclosure: I am the developer and am working to get this open-sourced). It stores all the authorized public keys of users in a central location. You can disable local authorized_keys lookup, and that way you can prevent authorized_keys proliferation.

If that was not the aim to restrict access to .ssh, I apologize, I spoke too soon without fully understanding the problem.

tinkertwain
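
The answer above mentions disabling local authorized_keys lookup. As an added example (not part of the original post and not Keyper's own code), this Python audit checks sshd_config text for that state using the standard OpenSSH options AuthorizedKeysFile, AuthorizedKeysCommand and AuthorizedKeysCommandUser. The sample configurations, the helper path `/usr/local/bin/fetch-authorized-keys` and the `keyfetch` account are constructed for illustration.

```python
import re

# OpenSSH default when AuthorizedKeysFile is not set.
DEFAULT_KEYS_FILE = ".ssh/authorized_keys .ssh/authorized_keys2"
LINE = re.compile(r"(\w+)\s*(?:=\s*|\s+)(.*)$")

def parse(config_text):
    """Return (global settings, Match-block overrides) from sshd_config text.
    sshd keeps the first value it reads for each keyword."""
    globals_, overrides, in_match = {}, [], False
    for raw in config_text.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if not line or line.startswith("#") or not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":
            in_match = True
        elif in_match:
            overrides.append((key, value))
        else:
            globals_.setdefault(key, value)
    return globals_, overrides

def audit_key_lookup(config_text):
    """List reasons why per-user authorized_keys files are still trusted."""
    settings, overrides = parse(config_text)
    findings = []
    keys_file = settings.get("authorizedkeysfile", DEFAULT_KEYS_FILE)
    if keys_file.lower() != "none":
        findings.append("local key files consulted: " + keys_file)
    if settings.get("authorizedkeyscommand", "none").lower() == "none":
        findings.append("no AuthorizedKeysCommand configured")
    elif "authorizedkeyscommanduser" not in settings:
        findings.append("AuthorizedKeysCommandUser missing")
    for key, value in overrides:
        if key == "authorizedkeysfile" and value.lower() != "none":
            findings.append("Match block re-enables key files: " + value)
    return findings

# Constructed samples; the helper path and account name are hypothetical.
STOCK = "PubkeyAuthentication yes\n"
CENTRAL = """\
AuthorizedKeysFile none
AuthorizedKeysCommand /usr/local/bin/fetch-authorized-keys %u
AuthorizedKeysCommandUser keyfetch
"""
WITH_MATCH = CENTRAL + "Match User deploy\n    AuthorizedKeysFile .ssh/authorized_keys\n"

if __name__ == "__main__":
    for name, text in (("stock", STOCK), ("central", CENTRAL), ("match", WITH_MATCH)):
        print(name, audit_key_lookup(text))
```

An empty list means sshd takes keys only from the configured command; this setting governs which keys sshd accepts and does not by itself change who can read files under `~/.ssh`.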