process user differently using ssh key

Question

I wonder if it is possible to chroot/chdir/process the same unix user differently using the ssh key used in the ssh connexion...

The use case could be a rsync server using only one linux/local user for many virtual account.

It's somewhat how github/gitlab manages users.

EDIT: chrooting is not the main point. The point is to differentiate 'virtual' account using the same *nix user but with different SSH keys. Chrooting is a bonus.

PS: I've cooked a quick POC on a F25 server.

thank you for the -1 without even an explanation: coward or pretentious — quazardous, Jan 12 '17 at 14:47
This question might be a duplicate of this one - the first answer looks like it will help. (I didn't downvote btw) — James, Jan 13 '17 at 23:24
No it's not a duplicate of THIS one. But I mislaid things when I spoke about chroot. I'll reformulate. — quazardous, Jan 13 '17 at 23:27

score 2 · Accepted Answer · answered Jan 12 '17 at 15:07

2

I'm not sure if you want different chroots, but the trick is usually to identify the users in authorized_keys. Take this example from Gitolite:

command="/usr/share/gitolite/gl-auth-command john",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAA...

The gl-auth-command then knows who it is, even though everbody signs in with user git.

answered Jan 12 '17 at 15:07

Halfgaar

8,194

nice lead thx I'll come back in a while after testing – quazardous Jan 12 '17 at 15:23
using command="/path/to/rsync_wrapper john" ssh-rsa AAAAB3NzaC1yc2EAAAA... was the good idea. More on wrapping ssh commands: https://sixohthree.com/1458/locking-down-rsync-using-ssh – quazardous Jan 12 '17 at 22:24
And you can optimize your key search with https://blog.heckel.xyz/2015/05/04/openssh-authorizedkeyscommand-with-fingerprint/ – quazardous Jan 12 '17 at 23:44

process user differently using ssh key

1 Answers1

Linked