Ubuntu Trusty here. I'm having some trouble deciding where in the system I should configure which users are to be allowed to ssh into the machine, and which keys they're allowed to use.
I've traditionally just created Linux users with respective home folders, and would place authorized_keys under ~/.ssh folder.
It seems that another option is to use sshd's config as well. You can define AllowUsers there and even AuthorizedKeysFile with all the supported ssh keys. I'm using this article for reference.
Now, what's the best practice here? Should I not specify AllowUsers/AuthorizedKeysFile and let the OS user's existence and authorized_keys file decide if the user should be able to log in or not? Should I not use the user's ~/.ssh/authorized_keys? Should I have both in place?
The former makes configuration management (through Ansible in my case) a bit simpler, but I can have it in both places if need be.
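
How the two sshd_config settings named in the question interact, as an added example that is not part of the original post: AllowUsers restricts which account names may log in, while AuthorizedKeysFile lists the file paths sshd reads keys from. The sample config, user names and function names are constructed for illustration, and the sketch assumes plain user patterns with no Match blocks or DenyUsers/AllowGroups/DenyGroups lines.

```python
import posixpath
import re

# Constructed sample, not taken from the post. Assumes no Match blocks and
# no DenyUsers/AllowGroups/DenyGroups, which would also affect the result.
SAMPLE_CONFIG = """\
# sshd_config (constructed)
AllowUsers deploy ops-*
AuthorizedKeysFile /etc/ssh/authorized_keys/%u .ssh/authorized_keys
"""

DEFAULT_KEYS = [".ssh/authorized_keys", ".ssh/authorized_keys2"]


def parse(config_text):
    """Return (allow_patterns, key_file_patterns) from sshd_config text."""
    allow, keys = [], []
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        keyword, *args = line.split()
        keyword = keyword.lower()          # keywords are case-insensitive
        if keyword == "allowusers":
            allow.extend(args)             # repeated lines accumulate
        elif keyword == "authorizedkeysfile" and not keys:
            keys = args                    # first occurrence wins
    return allow, keys or DEFAULT_KEYS


def user_matches(user, pattern):
    """sshd-style wildcard match: '*' any run, '?' one character."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, user) is not None


def effective_access(config_text, user, home):
    """Return (allowed_by_AllowUsers, [key files sshd would read])."""
    allow, keys = parse(config_text)
    allowed = not allow or any(user_matches(user, p) for p in allow)
    paths = []
    for pat in keys:
        # Protect "%%" with a placeholder so "%%u" is not expanded as %u.
        p = pat.replace("%%", "\0").replace("%h", home).replace("%u", user)
        p = p.replace("\0", "%")
        # Relative paths are taken relative to the user's home directory.
        paths.append(p if p.startswith("/") else posixpath.join(home, p))
    return allowed, paths
```

With the sample config, an existing account with a populated ~/.ssh/authorized_keys is still refused unless its name matches an AllowUsers pattern; with neither directive set, every account is eligible and only the default per-user files are read.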