I've been struggling with optimising provisioning of non-root users to my router.
1 - Creating the users went OK using the existing tutorial.
2 - [PARTIALLY SOLVED] Enabling them to log in via SSH keys rather than passwords.
After creating the users per the tutorial, execute the following steps as root, per user:
2.1 - Create a folder to hold the keys.
mkdir /home/<username>/.ssh
2.2 - Create the authorized_keys file.
cp <userkey>.pub /home/<username>/.ssh/authorized_keys
2.3 - Restrict the permissions on the folder and files or the OS will refuse to use it.
chmod -R 700 /home/<username>/.ssh
2.4 - Make these folders and files persistent. I'm sure there's a better way, storing them in NVRAM, but I haven't figured out how to do it. Here's what I did instead:
Make a mirror directory on the external USB drive.
mkdir /opt/data/user-mirror
cp -a -r /home /opt/data/user-mirror
2.5 - Configure the router to restore the mirrored home folders when the router boots. Add the following line to the "USB and NAS / USB Support / Run after mounting" field in the router's web interface:
cp -a -r /opt/data/user-mirror/home/* /home
NOTE:
Adding multiple public keys via the web interface is useless because they can only be used to allow root to log in using the different keys, but he's still root. Evidently the web interface only adds keys for root to authenticate with.
Creating .ssh/authorized_keys files in each user's /tmp/home folder didn't help either.
3 - File / Folder permission issue on USB drive. My USB drive (ext3 file system) is mounted on /opt. I have created folders such as /opt/user1, /opt/user2, etc. No matter what permissions I set on those folders, the user can't access them for reading or writing. Root of course has no problems accessing everything everywhere.
The user has no problems with his home directory at /home/user1 etc. But /home is in RAM, so no persistent storage or big files are available for non-root users.
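The per-user steps 2.1 to 2.4 above as one script, given here as an added example and not code from the original post. It goes beyond the post by handing the files to the user with chown and by setting authorized_keys to mode 600. The names HOME_BASE, MIRROR, install_key, check_modes and mirror_home are hypothetical, and a stat that accepts -c (GNU or BusyBox) is assumed.

```shell
#!/bin/sh
# Added example: install a public key for a non-root user with the ownership
# and modes SSH servers expect, then mirror /home to persistent storage.
# HOME_BASE and MIRROR are assumptions that default to the paths in the post.
HOME_BASE="${HOME_BASE:-/home}"
MIRROR="${MIRROR:-/opt/data/user-mirror}"

install_key() {   # usage: install_key <username> <pubkey-file>
    user="$1"; key="$2"
    dir="$HOME_BASE/$user/.ssh"
    auth="$dir/authorized_keys"
    [ -s "$key" ] || { echo "missing or empty key: $key" >&2; return 1; }
    mkdir -p "$dir" || return 1
    touch "$auth" || return 1
    # Append each key line only if it is not already present (safe to re-run).
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$key"
    chmod 700 "$dir" && chmod 600 "$auth" || return 1
    # Files created by root must belong to the user. Skipped when not root or
    # when the account does not exist (e.g. a dry run in a scratch directory).
    if [ "$(id -u)" -eq 0 ] && id "$user" >/dev/null 2>&1; then
        chown -R "$user" "$dir" || return 1
    fi
}

check_modes() {   # usage: check_modes <username>; fails on any group/other access
    dir="$HOME_BASE/$1/.ssh"
    [ "$(stat -c '%a' "$dir")" = "700" ] &&
    [ "$(stat -c '%a' "$dir/authorized_keys")" = "600" ]
}

mirror_home() {   # cp -a keeps owner and mode, so the boot-time restore keeps them too
    mkdir -p "$MIRROR" && cp -a "$HOME_BASE" "$MIRROR/"
}
```

Run as root on the router, for example `install_key user1 /tmp/user1.pub && check_modes user1 && mirror_home`.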