No, the user name of the user invoking ssh/sftp against the remote
server can be different. For example, in my case my Windows machine
has for some reason a shortened version of my normal UNIX username, or in
this example using my account on pub400:
So if I run MS's own ssh client against pub400, the '.config' in
%%USER_profile%%\.ssh contains something like this:
---
Host pub400
User ssd
IdentityFile ~/.ssh/ssd@xxxxxxxxxx.ecdsa
---
Yes, I'm using elliptic curve keys.
Now I can simply dial pub400 from the Windows machine (but with a
password).
The next thing to do is copying ssd@xxxxxxxxxx.ecdsa.pub to pub400.com
and appending the content to ~ssd/.ssh/authorized_keys at pub400.
You can't, for example, tell the ssh daemon on the peer to use a specific
authorized_keys when connecting (that could become a pretty nice
security hole), though the pub400 admin could decide that authorized_keys
in each user profile should be named 'geheime_schlussel'.
One security check done by sshd is that 'authorized_keys' has
restricted readability for other users and that it is owned by the
'called' account.
I have my system set up such that private keys are local to their system;
they aren't shared between systems.
For systems which I want to connect to using passwordless ssh,
I send the chosen pubkey over to them and then append it to
'authorized_keys' for that machine.
You could do the same deal for accounts on your own machine which need
to connect to biz@xxxxxxxxxxxxx, and not use the burner account (and
with that it is far easier to log WHO in your organization
connects to otherhost.com).
The authorized_keys file can contain 'comments' for each accepted key
so the remote authorized_keys could contain something like this:
-----
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5..... Danbrown@consult....
ssh-ed25519 AAAAC3NzaC1I1NTE5zdi..... bethbrown@consult....
-----
Suddenly it becomes possible to check who sshed in as someone on
Saturday night at 0310 (sshd logs which public key in authorized_keys
matched the provided info from the caller).
And I believe the file allows normal UNIX '#' comments.
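
Added example (not part of the original post, and not the poster's code): a sketch of the audit described above, mapping the SHA256 key fingerprint in an sshd "Accepted publickey" log line back to the comment on the matching authorized_keys entry. The key blobs, log lines, account names and addresses are constructed sample data; quoted key options containing spaces are not handled.

```python
import base64, hashlib, re, struct

KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-")

def fingerprint(blob_b64):
    """SHA256 fingerprint as OpenSSH prints it: unpadded base64 of the digest."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def load_authorized_keys(text):
    """Map fingerprint -> key comment, skipping blank lines and '#' comments."""
    owners = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # An options field may precede the key type, so locate the type first.
        idx = next((i for i, f in enumerate(fields) if f.startswith(KEY_TYPES)), None)
        if idx is None or idx + 1 >= len(fields):
            continue
        owners[fingerprint(fields[idx + 1])] = " ".join(fields[idx + 2:]) or "(no comment)"
    return owners

ACCEPTED = re.compile(r"Accepted publickey for (\S+) from (\S+) port \d+ ssh2: \S+ (SHA256:\S+)")

def attribute_logins(log_lines, owners):
    """Return (account, source address, key comment) for each public-key login."""
    out = []
    for line in log_lines:
        m = ACCEPTED.search(line)
        if m:
            account, src, fp = m.groups()
            out.append((account, src, owners.get(fp, "UNKNOWN KEY")))
    return out

def make_key(seed):
    """Constructed sample blob in ed25519 wire layout (not a real key)."""
    raw = hashlib.sha256(seed).digest()
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + raw
    return base64.b64encode(blob).decode()

# Constructed sample data: two keys with owner comments, one login using the second key.
K1, K2 = make_key(b"sample-1"), make_key(b"sample-2")
SAMPLE_KEYS = f"# consultants\nssh-ed25519 {K1} danbrown@example\nssh-ed25519 {K2} bethbrown@example\n"
SAMPLE_LOG = [f"sshd[4242]: Accepted publickey for biz from 203.0.113.7 port 51234 ssh2: ED25519 {fingerprint(K2)}",
              "sshd[4243]: Accepted password for biz from 203.0.113.9 port 51300 ssh2"]

if __name__ == "__main__":
    for row in attribute_logins(SAMPLE_LOG, load_authorized_keys(SAMPLE_KEYS)):
        print(row)
```

A login that reports "UNKNOWN KEY" means the logged fingerprint is not in the authorized_keys text that was loaded, which is worth checking against the file actually in place on the server.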
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work.