I'm setting up a service account on Linux for automated web content updates, but this account doesn't have a shell or a home directory. I'm wondering where I would place the authorized_keys file for this user. I'm hesitant about creating a home directory just for this purpose. Any suggestions?
2 Answers
You can actually customize your SSH service to look for keys in a specific directory instead of using the default. You might want to check out the option in the sshd_config file where you can define a custom path for authorized_keys. Here's a helpful link to get you started: https://serverfault.com/questions/313465/is-a-central-location-for-authorized-keys-a-good-idea.
There's nothing wrong with giving service users a home directory. It's simple and the default setup works fine. Plus, it can really save you hassle if you just keep everything organized that way.
Exactly! And it plays well with applications that follow XDG standards.
That sounds great! You can also use a Match section in your config to set things up specifically for different users, like overriding the authorized keys path for the root user.