Centralize authorized_keys file on Linux / Unix system

Authorized_keys are important files which has the information of public keys for public key authentication. By default location is ~/.ssh/authorized_keys. Here, ~ is users default home directory in system. 
While working on SSH, we got requirement to centralize the authorized_keys of all users existing in system. In most of the system for SSH we use the OpenSSH package. Hence, the default location for SSH config file is /etc/ssh/sshd_config .
Centralizing the authorized_keys for all users is quite easy. We believe you already have some experience on public and private ssh key pairs, because for access user need SSH private key.

Step 1: List the users name exist in system

Gather the information of existing users from /etc/passwd file . Make a list of users to whom you want to give access in system with SSH key authentication method.
For example , I found some valid users from system like –
joe
mike
Joseph

Step 2 : Create a new directory

Create a new directory inside /etc/ssh . This we will use this directory for placing all users keys.
mkdir -p /etc/ssh/KEYS

Step 3: Edit the sshd_config file

Now we will edit the sshd_config file. We will edit AuthorizedKeysFile parameter in /etc/ssh/sshd_config file. 
First take backup of /etc/ssh/sshd_config file. In case, if something goes wrong we can revert back by copying the backup file to original.
cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.$(date +%F).backup
Quickly checking if AuthorizedKeysFile parameter exist in file.
egrep -v '^#|^$' /etc/ssh/sshd_config |grep AuthorizedKeysFile
If AuthorizedKeysFile parameter exist in system then edit in below given format or otherwise add below given line in /etc/ssh/sshd_config
AuthorizedKeysFile  /etc/ssh/KEYS/%u

Step 4: Create directories matches with user name

Create directories matches with user name whose authorized_keys file you want to centralize.
For root user , now we will centralize authorized_keys. Follow the given below steps 
mkdir -p /etc/ssh/KEYS/root
chown root:root /etc/ssh/KEYS/root
chmod  755 /etc/ssh/KEYS/root
touch /etc/ssh/KEYS/root/authorized_keys
chmod 644 /etc/ssh/KEYS/root/authorized_keys
chown root:root /etc/ssh/KEYS/root/authorized_keys
Get the public key content and paste in /etc/ssh/KEYS/root/authorized_keys file.
For reference, the ssh public key appear like this. Please take it as an example only.
ssh-key 

Set centralized authorized_keys for all users
Just as we have completed in above steps, almost same step you have to follow for all users. For example, our user name is mike . Let’s set authorized_keys file for mike
mkdir -p /etc/ssh/KEYS/mike
chown mike:mike /etc/ssh/KEYS/mike
chmod  755 /etc/ssh/KEYS/mike
touch /etc/ssh/KEYS/mike/authorized_keys
chmod 644 /etc/ssh/KEYS/mike/authorized_keys
chown mike:mike /etc/ssh/KEYS/mike/authorized_keys
Get the public key content for user called mike and paste in /etc/ssh/KEYS/mike/authorized_keys file.
Same steps follow for each users. In case, you are good in scripting you can easily achieve this by using for..loop .

Step 5: Now reload the ssh service

In CentOS 7 / RHEL 7
systemctl reload sshd
In CentOS 6 / RHEL 6
service sshd reload
In Ubuntu / Debian 
sudo service ssh reload

Nhận xét

Bài đăng phổ biến