I've got a use-case where I want to run a secondary unprivileged sshd that has its own set of settings and should not inherit the user config. Additionally, I want to only allow a certain key to connect to it.
In OpenSSH, there is the AuthorizedKeysFile option that I can point at a crafted file for that purpose but OpenSSH is being annoying trying to berate me how I should set up permissions for my host key (I don't care that /tmp/'s permissions aren't "secure" for my unprivileged sshd; TYVM).
I'm not aware of an equivalent option in dropbear; would be great if such an option could be added.
Edit: For anyone else coming across with the same issue: StrictModes=no disables this behaviour in OpenSSH.
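Added example, not part of the original post and not OpenSSH's own code: a shell function approximating the ownership and mode walk that StrictModes applies to a key file path, showing why a file under a world-writable directory such as /tmp is rejected while one in a private 0700 directory passes with StrictModes left on. The function names and the use of `stat -c` (GNU coreutils or BusyBox) are assumptions of the example, and paths are assumed to be already resolved.

```shell
#!/bin/sh
# Added example: approximates the StrictModes path walk (simplified).
# Every component from the key file up to the stop directory must be owned
# by root or the current user and must not be group- or world-writable.

# perm_ok PATH: succeed if PATH has acceptable ownership and modes.
perm_ok() {
    owner=$(stat -L -c '%u' "$1" 2>/dev/null) || return 1
    mode=$(stat -L -c '%a' "$1" 2>/dev/null) || return 1
    [ "$owner" -eq 0 ] || [ "$owner" -eq "$(id -u)" ] || return 1
    # Reject when the group or other write bit is set (mode & 022).
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# strict_path_ok FILE STOPDIR: walk upward from FILE, stopping after STOPDIR
# (normally the user's home directory) or the filesystem root.
strict_path_ok() {
    file=$1
    stopdir=$2
    [ -f "$file" ] || { echo "not a regular file: $file" >&2; return 1; }
    perm_ok "$file" || {
        echo "bad ownership or modes for file $file" >&2
        return 1
    }
    dir=$(dirname "$file")
    while :; do
        perm_ok "$dir" || {
            echo "bad ownership or modes for directory $dir" >&2
            return 1
        }
        [ "$dir" = "$stopdir" ] && break
        [ "$dir" = "/" ] || [ "$dir" = "." ] && break
        dir=$(dirname "$dir")
    done
    return 0
}

# Optional command-line use: sh strictcheck.sh /path/to/authorized_keys [stopdir]
if [ $# -ge 1 ]; then
    strict_path_ok "$1" "${2:-$HOME}" && echo "ok: $1"
fi
```

Running it against a key file kept directly under /tmp reports the directory itself, because /tmp is world-writable; moving the file into a directory created with `mktemp -d` (mode 0700) and passing that directory as the stop directory makes the walk succeed.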
What about AuthorizedKeysCommand (manpage)? I think it would also solve the permissions problem, if one used cat ... or echo ....
My use case is a container / hardened chroot. dropbear is lighter and simpler to configure than OpenSSH. To ssh into an unprivileged container (therefore single-user), I need to match the socket file's Unix perms / ACLs and do not need a key. If dropbear requires a dummy key, it could go into systemd's LoadCredential= directory (systemd's idiomatic way) or another shared directory; but it would be cleaner to hard-code the key into the container config file, in the dropbear command line (echo).
Also, if the systemd hardening option DynamicUser= is enabled, it picks a random, unused UID and auto-generates an /etc/passwd entry with the home set to /. dropbear uses that, does not check $HOME, and ends up with /.ssh/authorized_keys, which is not a very clean container setup.