-#
-# if this user has a file .ssh/authorized_keys within their real homedir
-# then return that, otherwise use the corresponding file from the vserver.
-#
-if [ -r "$HOMEDIR/$KEYFILE" ]; then
- OUT=$HOMEDIR/.ssh
-elif [ -r "/vservers/$1/home/$1/$KEYFILE" ]; then
- OUT=/vservers/$1/home/$1/.ssh
-else
- echo $1 not found in /vservers or /home >/tmp/auto.pl_sshd.log
+# Try real home directory first
+eval home="~$slice"
+if [ -f "$home/.ssh/authorized_keys" ] ; then
+ echo "--bind,-r :$home/.ssh"
+ exit 0
+fi
+
+# Try virtual server home directory next
+vbase=/vservers/$slice
+keyfile=/home/$slice/.ssh/authorized_keys
+
+echo -n "Retrieving SSH keys for $slice... " >/dev/stderr
+
+keydata=`curl -s \
+ --fail \
+ --max-time 15 \
+ "http://localhost:815/keys?slice=$slice"`
+
+rc=$?
+if [ "$rc" -ne 0 ] ; then
+ echo "curl failed with error $rc." >/dev/stderr
+ exit $rc
+fi
+
+# write the keyfile while running as the slice user, this prevents
+# various potential exploits
+su - $slice >/dev/null 2>&1 <<EOF
+install -d -m 700 ${keyfile%/*}
+touch $keyfile
+chmod 600 $keyfile
+echo $keydata >$keyfile
+EOF
+
+if [ "`cat $vbase$keyfile 2>/dev/null`" != "$keydata" ]; then
+ echo "unable to write $vbase$keyfile." >/dev/stderr