Creating users "on - the - fly"

Hi all.

I have a situation that I wonder if someone may have run into - or has a
direction I should dig / develop in.

Let's say I have a system with 1M "users".  Their public keys are
stored in a database, and I can access them via a web call.

I have a few servers which should allow those users access.

Some constraints to make it non-crazy.

The users can only reverse tunnel.  They need no state / home
directories, etc.  I've set the command in sshd_config to just echo
"Nyet".  All they do is try to connect with

ssh -R *:0:localhost:<local-port> user@server -N

(while I have you - is there any other way to know what port was
allocated, except for parsing stderr?)

Some great help was in this url:
http://askubuntu.com/questions/48129/how-to-create-a-restricted-ssh-user-for-port-forwarding
(for anyone looking for info about reverse forwarding).

I was planning on just having the AuthorizedKeysCommand take the
username, look up the keys from the webservice, and return them. Easy!

The trouble is that the user isn't created on the machine beforehand.
But I actually don't want the user created, b/c I don't want to litter
all these servers with little user directories.    Users may be
transient as well - so littering the directories of these machines
with tons of data just causes many other problems (running out of
inodes, disk-space, etc).

Any ideas?

Thanks!
Cary
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
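
The AuthorizedKeysCommand lookup described in the message above, as an added example (not code from the original post or from OpenSSH). The key service URL, its one-key-per-line response format, the username pattern, the accepted key types and the choice to put forwarding-only options on each key line are assumptions.

```python
#!/usr/bin/env python3
"""AuthorizedKeysCommand helper: emit forwarding-only key lines for one login name."""
import base64
import re
import sys
import urllib.parse
import urllib.request

KEY_SERVICE = "https://keys.example.invalid/v1/keys/"  # hypothetical endpoint
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")    # assumed naming policy
KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}
# "restrict" disables everything; "port-forwarding" re-enables only forwarding.
OPTIONS = 'restrict,port-forwarding,command="echo Nyet"'


def fetch_keys(username):
    """Assumed service contract: GET returns one 'type base64' key per line."""
    url = KEY_SERVICE + urllib.parse.quote(username, safe="")
    with urllib.request.urlopen(url, timeout=5) as resp:
        return resp.read().decode("ascii", "replace").splitlines()


def parse_key(line):
    """Return 'type blob' if the blob's embedded type matches, else None."""
    parts = line.split()
    if len(parts) != 2 or parts[0] not in KEY_TYPES:
        return None  # rejects lines that try to carry their own options
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError:
        return None
    n = int.from_bytes(blob[:4], "big")  # length of the type string in the blob
    return " ".join(parts) if blob[4:4 + n] == parts[0].encode() else None


def authorized_lines(username, fetch=fetch_keys):
    """Return authorized_keys lines for username; an empty list means deny."""
    if not USERNAME_RE.fullmatch(username):
        return []  # never pass an unvetted name on to the web call
    keys = (parse_key(line) for line in fetch(username))
    return [f"{OPTIONS} {k}" for k in keys if k]


if __name__ == "__main__":
    try:  # sshd passes the login name as the argument
        print("\n".join(authorized_lines(sys.argv[1])))
    except Exception:
        sys.exit(1)  # fail closed: any lookup error yields no keys
```

sshd still resolves the login name through the system's account database before it runs the command, so this covers only the key lookup.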



