I've noticed on Google Compute Engine that adding a ssh key allows me to connect and creates a new server account.
However, I've noticed in sshd_config that the line
#AuthorizedKeysFile %h/.ssh/authorized_keys
is commented out.
Yet the server is indeed checking ~/.ssh/authorized_keys to allow me to log in.
How is ssh allowing me to log in when my key is placed in this file if the option is commented out in sshd_config?
On an unrelated note, I am also curious as to why the instance does not show the public IP as active on any interfaces, even though it is connectible via it. Is this some crazy Google routing obfuscating something?
I don't understand that at all. Just say I wanted to disable the parsing of ~/.ssh/authorized_keys, how would I do that? Implying that whether or not the setting is actually active in sshd_config, the parsing still takes place. – Peter – 2014-12-09T13:51:36.033
Yes, the address is absent from ifconfig. I find most cloud providers do actually bring it up as an interface. So you could be right in that there is one to one NAT in place... just seems unexpected. – Peter – 2014-12-09T13:55:23.183
I will rephrase it: If a parameter is missing inside sshd_config, it will default to a fixed value (hardcoded). The comments in the original file are there to show you what the default value is, but they are simple comments, they will not be parsed. If you want to disable public key authentication, you must configure PubkeyAuthentication no – NuTTyX – 2014-12-09T14:01:04.817
You are talking about a different setting. I'm not talking about pubkey auth as a whole, I'm talking about whether or not ssh permits pubkey auth to allow via keys placed in ~/.ssh/authorized_keys. Now, as for why it parses that location when it is commented, I would speculate that it's a default. AKA. if you want to specify an alternate path, then uncomment it and change it to something else. Otherwise whether commented or not, it will be that path. Just guessing. – Peter – 2014-12-09T14:09:56.243
An empty sshd_config will have public key authentication active and will search for the pubkeys on ~/.ssh/authorized_keys. The comments are there to remind you of that path but they are not parsed. If you want to change the file to another one, you must uncomment the line and update the path. Note that I would not recommend that since SSHD is particularly sensitive to folder/file permissions and SELinux is even worse. Renaming the file is ok, but do not change the path to a shared file between users. – NuTTyX – 2014-12-09T14:19:39.910
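The behaviour discussed in the comments above (commented lines are never parsed, so the built-in default applies) can be checked with a small resolver. This is an added example, not part of the original thread: the function name effective_option and both sample configs are constructed, the default shown is the one documented in sshd_config(5) for current OpenSSH, and `AuthorizedKeysFile none` is the documented value for skipping per-user key files while leaving PubkeyAuthentication itself untouched.

```shell
#!/bin/sh
# Resolve the value sshd would use for one keyword in the global section of
# an sshd_config: comments are ignored, the first active occurrence wins,
# and the caller-supplied built-in default applies when nothing is set.

# effective_option KEYWORD DEFAULT [FILE]   (reads stdin when FILE is omitted)
effective_option() {
    awk -v key="$1" -v def="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }            # comment or blank line: never parsed
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]+$/, "", line)
            n = match(line, /[ \t=]/)      # keyword ends at whitespace or "="
            if (n == 0) next
            kw  = tolower(substr(line, 1, n - 1))   # keywords are case-insensitive
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            if (kw == "match") exit        # global section ends at first Match
            if (kw == key) { found = 1; print val; exit }
        }
        END { if (!found) print def }
    ' "${3:--}"
}

# Default per sshd_config(5); a distribution build may patch it.
DEFAULT_AKF='.ssh/authorized_keys .ssh/authorized_keys2'

# Constructed sample: stock file as in the question, option commented out.
STOCK='#AuthorizedKeysFile %h/.ssh/authorized_keys
#PubkeyAuthentication yes'

# Constructed sample: per-user key files explicitly disabled.
HARDENED='PubkeyAuthentication yes
AuthorizedKeysFile none'

printf '%s\n' "$STOCK"    | effective_option AuthorizedKeysFile "$DEFAULT_AKF"
printf '%s\n' "$HARDENED" | effective_option AuthorizedKeysFile "$DEFAULT_AKF"
```

On a live host, `sshd -T` (run as root) prints the effective configuration directly, including any values compiled into that particular build.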