-2

I wonder if it is possible to chroot/chdir/process the same unix user differently using the ssh key used in the ssh connection...

The use case could be an rsync server using only one linux/local user for many virtual accounts.

It's somewhat how github/gitlab manages users.

EDIT: chrooting is not the main point. The point is to differentiate 'virtual' accounts using the same *nix user but with different SSH keys. Chrooting is a bonus.

PS: I've cooked a quick POC on a F25 server.

quazardous
  • Thank you for the -1 without even an explanation: coward or pretentious – quazardous Jan 12 '17 at 14:47
  • This question might be a duplicate of [this one](http://serverfault.com/questions/287578/trying-to-setup-chrootd-rsync) - the first answer looks like it will help. (I didn't downvote btw) – James Jan 13 '17 at 23:24
  • No it's not a duplicate of THIS one. But I mislaid things when I spoke about chroot. I'll reformulate. – quazardous Jan 13 '17 at 23:27

1 Answer

2

I'm not sure if you want different chroots, but the trick is usually to identify the users in authorized_keys. Take this example from Gitolite:

```
command="/usr/share/gitolite/gl-auth-command john",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAA...
```

The gl-auth-command then knows who it is, even though everybody signs in with user git.

Halfgaar
  • nice lead thx I'll come back in a while after testing – quazardous Jan 12 '17 at 15:23
  • using `command="/path/to/rsync_wrapper john" ssh-rsa AAAAB3NzaC1yc2EAAAA...` was the good idea. More on wrapping ssh commands: https://sixohthree.com/1458/locking-down-rsync-using-ssh – quazardous Jan 12 '17 at 22:24
  • And you can optimize your key search with https://blog.heckel.xyz/2015/05/04/openssh-authorizedkeyscommand-with-fingerprint/ – quazardous Jan 12 '17 at 23:44
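
The forced-command approach from the answer and its comments, as an added example (not code from the post, from Gitolite or from the linked articles): a hypothetical `rsync_wrapper` that receives the virtual account name from `authorized_keys`, checks `SSH_ORIGINAL_COMMAND`, and runs rsync only inside that account's directory. The wrapper name, the `RSYNC_BASE` variable, the `/srv/rsync/<account>` layout and the strict option allow-list are assumptions.

```shell
#!/bin/sh
# Added example: forced command for authorized_keys lines such as
#   command="/path/to/rsync_wrapper john",no-pty,no-port-forwarding ssh-rsa AAAA...
# Assumed layout: one directory per virtual account under $BASE.
BASE="${RSYNC_BASE:-/srv/rsync}"
set -f    # never glob-expand words taken from the client's command

# validate_request ACCOUNT ORIGINAL_COMMAND
# Prints the account directory and returns 0 only for an rsync server
# invocation whose every path argument lies inside that directory.
validate_request() {
    account=$1 cmd=$2 n=0
    case $account in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    # Allow-list of characters (no quotes, ;, |, $, newlines) and no "..".
    case $cmd in *[!A-Za-z0-9\ ._/-]*|*..*) return 1 ;; esac
    for w in $cmd; do
        n=$((n + 1))
        case $n:$w in
            1:rsync|2:--server) ;;                 # must start "rsync --server"
            1:*|2:*) return 1 ;;
            *:--sender|*:.) ;;                     # pull mode, dummy source arg
            *:-*[!A-Za-z0-9.]*) return 1 ;;        # any other long/odd option
            *:-?*) ;;                              # short bundle, e.g. -vlogDtpre.iLsfxC
            *:"$BASE/$account"|*:"$BASE/$account"/*) ;;
            *) return 1 ;;                         # path outside the account
        esac
    done
    [ "$n" -ge 3 ] || return 1
    printf '%s\n' "$BASE/$account"
}

main() {
    if ! dir=$(validate_request "$1" "${SSH_ORIGINAL_COMMAND:-}"); then
        echo "rsync_wrapper: request refused for account $1" >&2
        exit 1
    fi
    logger -t rsync_wrapper "account=$1 request accepted" 2>/dev/null || true
    cd "$dir" || exit 1
    exec $SSH_ORIGINAL_COMMAND    # word-split only, no shell re-evaluates it
}

# Run only when sshd passes the account name from authorized_keys.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

The path check is purely textual, so a symlink inside an account directory can still lead outside it; a chroot or separate filesystem per account closes that gap. Paths containing spaces are not supported by this word-splitting approach.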