linux
diger_74, 2012-06-20 12:35:19

Mercurial-server on CentOS 6.2: how to properly set up sshd?

Good afternoon, Habrazhitel!

I am installing and configuring Mercurial-server on CentOS 6.2 following these guides: habr and someone's blog.

Everything is fine, it works. But there is one caveat with configuring SSH by keys. After adding the user key to the hgadmin repository and running refresh-auth, the /var/lib/mercurial-server/.ssh/authorized_keys file is updated.

I copy this file for sshd:

cp /var/lib/mercurial-server/.ssh/authorized_keys /etc/ssh/keys/hg.pub

And I write in sshd_config:
PubkeyAuthentication yes
AuthorizedKeysFile /etc/ssh/keys/%u.pub

In this case, everything works fine.

BUT! Problems start if I make a soft link to the keys instead of copying them (after all, I don’t want to copy it manually every time I update the authorized_keys file):
ln -s /var/lib/mercurial-server/.ssh/authorized_keys /etc/ssh/keys/hg.pub

In this case, when you try to access the repository, "Server refused our key" appears. In the ssh logs, I see that it tries to read the /etc/ssh/keys/hg.pub file, but does not find any entries in it.

Important: even if I write one of these options in sshd_config:
AuthorizedKeysFile /var/lib/mercurial-server/.ssh/authorized_keys
AuthorizedKeysFile ~/.ssh/authorized_keys
AuthorizedKeysFile /etc/ssh/keys/hg.pub

Still no success. That is, the file with the keys in the hg user's home folder is not readable.
Keys in other users' home directories are readable and work fine.

I'll take any advice)


2 answer(s)
diger_74, 2012-06-21
@diger_74

The answer turned out to be simple - SELinux blocked the sshd daemon from accessing the /var/lib/mercurial-server/.ssh/authorized_keys file.
You need to add the appropriate label and everything starts working:
chcon -v --type=ssh_home_t /var/lib/mercurial-server/.ssh/authorized_keys
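
One way to confirm this kind of SELinux block from the audit log, as an added example that is not part of the original posts: the audit records are constructed, the var_lib_t label on the key file is an assumption, and the function names are hypothetical. It also prints the semanage and restorecon commands that store the label in the local policy, because a label set with chcon is reset when the filesystem is relabeled.

```shell
#!/usr/bin/env bash
# Added example. The audit records are constructed, not taken from the post.
# Assumption: before the fix the key file carried the var_lib_t label.
sample_audit_log() {
  cat <<'EOF'
type=AVC msg=audit(1340181319.101:411): avc:  denied  { read } for  pid=2101 comm="sshd" name="authorized_keys" dev=dm-0 ino=131245 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=AVC msg=audit(1340181320.007:412): avc:  denied  { getattr } for  pid=2230 comm="httpd" path="/srv/www/index.html" dev=dm-0 ino=99 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=USER_AUTH msg=audit(1340181321.500:413): user pid=2101 uid=0 msg='op=pubkey acct="hg" exe="/usr/sbin/sshd" addr=192.0.2.10 res=failed'
EOF
}

# Read audit records on stdin; print "permission object target_type" for
# every AVC denial raised against sshd (hypothetical helper name).
sshd_file_denials() {
  awk '
    $1 == "type=AVC" && /denied/ && /comm="sshd"/ {
      perm = name = ttype = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "{") perm = $(i + 1)            # first denied permission
        if ($i ~ /^(name|path)=/) {               # object the daemon touched
          name = $i; sub(/^[a-z]+=/, "", name); gsub(/"/, "", name)
        }
        if ($i ~ /^tcontext=/) {                  # user:role:type:level
          split($i, ctx, ":"); ttype = ctx[3]
        }
      }
      print perm, name, ttype
    }'
}

# Print (do not run) the commands that store the ssh_home_t label in the
# local policy for directory $1 and then apply it.
persistent_label_cmds() {
  printf "semanage fcontext -a -t ssh_home_t '%s(/.*)?'\n" "$1"
  printf 'restorecon -Rv %s\n' "$1"
}

sample_audit_log | sshd_file_denials
persistent_label_cmds /var/lib/mercurial-server/.ssh
```

On a live host the same filter can be fed from the audit log: sshd_file_denials < /var/log/audit/audit.log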

deleted-mifki, 2012-06-20
@deleted-mifki

Check permissions. And certainly ~ should not be used.
