18

All of my uni's SSH keys were stolen. The sysadmins decided to remove all .ssh folders and move the files to a folder whose name I cannot say.

I am interested in how the sysadmins changed the default SSH key folder.

How can you change the default ~/.ssh folder to the folder ~/TopSecret/, so that my computer detects that the keys are in a new folder?

0

4 Answers

14

Have a look at sshd_config(5) and edit /etc/ssh/sshd_config. Note that the path of relevant configuration files is set for each file individually (that is, it's not a matter of just changing the string .ssh to something else in one place in the config file).

Anyway, the setting you're looking for is AuthorizedKeysFile.

1
  • 1
    From the OpenSSH sshd_config man pages: AuthorizedKeysFile. Specifies the file that contains the public keys that can be used for user authentication. AuthorizedKeysFile may contain tokens of the form %T which are substituted during connection setup. The following tokens are defined: %% is replaced by a literal '%', %h is replaced by the home directory of the user being authenticated, and %u is replaced by the username of that user. After expansion, AuthorizedKeysFile is taken to be an absolute path or one relative to the user's home directory. The default is ".ssh/authorized_keys".
    – samt
    Commented May 25, 2009 at 23:20
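
The token expansion described in the man page excerpt above, as an added example that is not part of the original answers or of OpenSSH: it reads the global AuthorizedKeysFile setting from an sshd_config text and resolves the files sshd would consult for one account. The sample config, the user `alice` and the home directory are constructed; Match blocks and Include files are not evaluated, and only the three tokens quoted above are handled.

```python
import posixpath

DEFAULT_PATTERN = ".ssh/authorized_keys"  # default quoted from sshd_config(5) above


def expand_tokens(pattern, user, home):
    """Expand the three tokens quoted above: %%, %h and %u."""
    table = {"%": "%", "h": home, "u": user}
    out, i = [], 0
    while i < len(pattern):
        if pattern[i] != "%":
            out.append(pattern[i])
            i += 1
            continue
        token = pattern[i + 1:i + 2]  # empty if '%' is the last character
        if token not in table:
            raise ValueError(f"unsupported token %{token} in {pattern!r}")
        out.append(table[token])
        i += 2
    return "".join(out)


def authorized_keys_paths(config_text, user, home):
    """Return the files sshd would consult for `user`, per the global config."""
    patterns = [DEFAULT_PATTERN]
    for line in config_text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0].lower() == "match":
            break  # simplification: per-Match overrides are not evaluated
        if words[0].lower() == "authorizedkeysfile":
            patterns = words[1:]  # several files may be listed on one line
            break  # the first value obtained for a keyword is the one used
    paths = []
    for pattern in patterns:
        expanded = expand_tokens(pattern, user, home)
        # After expansion: absolute path, or relative to the home directory.
        paths.append(posixpath.normpath(posixpath.join(home, expanded)))
    return paths


# Constructed sample config; the user and home directory are assumptions.
SAMPLE = """\
# sshd_config (constructed)
Port 22
AuthorizedKeysFile /es2/ssh/%u/authorized_keys TopSecret/authorized_keys
"""

if __name__ == "__main__":
    for path in authorized_keys_paths(SAMPLE, "alice", "/home/alice"):
        print(path)
```

On a live host, `sshd -T` prints the effective configuration, which is the authoritative way to confirm the value the daemon is actually using.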
4

To reduce the impact of private key disclosure, it's advisable to password encrypt the key itself. Offline brute force attacks on specific keys are still possible, but it does throw a wrench in someone who makes off with a cartload of user keys.

Another option, if encryption is not possible, is to restrict the use of the SSH key to specific IP addresses, using this syntax in the public key added to the remote server: from="ipaddress1,ipaddress2" ssh-rsa ... That means that in the case of somebody stealing those keys, they will be useless if used from any other server (with a different IP).

More to the point, you shouldn't store private keys of value on anything you don't control. To connect to a server, storing the public key on the server is sufficient.

2

You can rename folders with the "mv" command. So you could rename TopSecret back to .ssh by "mv TopSecret .ssh".

The administrators can control where the sshd looks for your keys by changing the /etc/ssh/sshd_config file's AuthorizedKeysFile parameter. You can't change this.

0
1

To change the default location for the .ssh directory, you can edit the below settings:

  1. /etc/ssh/ssh_config: Edit the value for IdentityFile. A sample entry would look like this: IdentityFile /es2/ssh/id_rsa. Here /es2/ssh is the desired directory to keep the public and private keys.
  2. /etc/ssh/sshd_config: Update the value for AuthorizedKeysFile. A sample entry would look like this: AuthorizedKeysFile /es2/ssh/authorized_keys

Also, do not forget to restart your ssh daemon after making these config updates.
