Open ickc opened 1 year ago
I agree, it would be better to change the configuration to centrally manage the authorized_keys file in /etc/ssh/. You would still not be allowed to change it though. We would change the configuration to only use the file in /etc/ssh, it would replace ~/.ssh/authorized_keys, not amend it.
Currently,
$HOME/.ssh/authorized_keys
will be overwritten periodically by central management system. But this is counter-intuitive from the expectation of the Filesystem Hierarchy Standard. A better approach would be putting it under/etc
(Host-specific system configuration).For example, use
AuthorizedKeysFile
in/etc/ssh/sshd_config
:and put the centrally managed file in
/etc/ssh/$USER/authorized_keys
instead.