System-wide authorized_keys

ssh linux ssh-keys

Solution 1:

To login to ANY account?

As an administrator, it should be sufficient for you to login as yourself, and then sudo to the account, but ONLY if necessary.

This approach is a serious security issue, as if that single key that you have for all accounts is stolen, then your system is fully compromised.

I feel there are ethical considerations as you are not identifying yourself in any way that you are acting for the owner. Files might be personal. If one is not all that ethical, one could send emails as the account owner and it would not be traceable.

Solution 2:

On most Linux systems, the /etc/skel directory is used to populate the home directory of any new account. If you add a .ssh directory with your authorized_keys file to /etc/skel then you will be able to login to any new account.

For existing accounts, you can write a script to add your key to all of the authorized_keys files on the system.

Solution 3:

Yes this is a generally bad idea to do because of security or ethical or organizational reasons but it is quite do-able by only modifying configuration files. The sshd_config(5) manpage has this to say about the AuthorizedKeysFile option:

 AuthorizedKeysFile
         Specifies the file that contains the public keys used for user
         authentication.  The format is described in the AUTHORIZED_KEYS
         FILE FORMAT section of sshd(8).  Arguments to AuthorizedKeysFile
         accept the tokens described in the TOKENS section.  After expan‐
         sion, AuthorizedKeysFile is taken to be an absolute path or one
         relative to the user's home directory.  Multiple files may be
         listed, separated by whitespace.  Alternately this option may be
         set to none to skip checking for user keys in files.  The default
         is ".ssh/authorized_keys .ssh/authorized_keys2".

So all you have to do is set a line like this at the bottom of your /etc/ssh/sshd_config:

AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 /usr/local/etc/universal_authorized_keys

And then populate the /usr/local/etc/universal_authorized_keys file with your personal SSH key(s) either manually or through some configuration management. You will have to restart sshd, of course.

Related

curl --insecure not working
How does memory and memoryReservation work for Tasks running on EC2 ECS?
How can I stop openconnect from changing /etc/resolv.conf?
Windows remote desktop service running, but not listening on port 3389
Force ssh to ignore id_rsa permissions
Why does Dropbox require Accessibility?
Observing what Spotlight's mdworker is indexing for diagnostic purposes
How can I type or input Unicode characters using a code point on the iPhone?
Disable system wide Ctrl+Click in OS X
How can I remap keys on an external keyboard, but keep the default layout on the internal?
Activating Show Desktop in Mission Control with a mouse button does not work
iOS: How to set language of app independent of iphone/ipad language