I guess I didn't want to litter the users table either - it just seems "wrong" to be actually adding things to the host when it is really so transient. It feels like it should be LDAP-ish. Just ask the server for the keys and do a one-off authentication. But I've seen even LDAP creates the user directories.

I see that 2.6 kernels can have some 4B users, which should last me a while. But it is a bit more work and plumbing to try to keep things in sync.

I'm a bit / very idealistic though - so I guess I'll keep rooting around. I'm ok writing a PAM module if that's what I needed. But I have a feeling there's a good bit more to it. And without someone who "knows" - that can be a very long rabbit trail :)

Hrm....

On Fri, Feb 6, 2015 at 12:52 PM, Daniel Kahn Gillmor <dkg@xxxxxxxxxxxxxxxxx> wrote:
> On Fri 2015-02-06 12:41:38 -0500, Cary FitzHugh wrote:
>> The trouble is that the user isn't created on the machine beforehand.
>> But I actually don't want the user created, b/c I don't want to litter
>> all these servers with little user directories. Users may be
>> transient as well - so littering the directories of these machines
>> with tons of data just causes many other problems (running out of
>> inodes, disk-space, etc).
>
> If this is your only concern, most systems don't require that a user
> have a unique home directory at all. You could create a /home/nobody
> which is unusable by anyone, and populate the system's user table with
> users (maybe via some sensible nameservice switch module) pointing at
> that directory as their homedir.
>
> In other words, i don't think this is an ssh problem, it can be solved
> directly in other parts of your OS.
>
> --dkg
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev