ssh how to allow a very limited user with no home to login with pubkey

I have a very restricted user in my ssh server created with --no-create-home and --shell /bin/false. I know I can define authorized_keys file in sshd_configs for the user's public key. But how can I allow public key authentication for this user without requiring to access any files on OS?

diya has already explained that you could change to AuthorizedKeysCommand for retrieving the public key of a user.

However, it's probably easier for you to place the authorized_keys file somewhere else. For example you could set AuthorizedKeysFile /etc/ssh/authorizedkeys/%u and place the file that would have been at ~username/.ssh/authorized_keys at /etc/ssh/authorizedkeys/username instead.

And, if you want to change it only for this user (so other users still have their authorized_keys at ~/.ssh/), you could use

Match User username
AuthorizedKeysFile /some/path/username_authorized_keys

The alternative to a file with public keys is the openssh server directive AuthorizedKeysCommand which allows you to configure your sshd daemon to run a specific helper program to retrieve the public keys that you would normally store and deploy in a users ˜/.ssh/authorized_keys file.

Using a LDAP directory is one common solution, querying an API or (MySQL) database are other examples.

See for example:

• SSH key authentication using LDAP
• How to enable ssh for supporters with intelligent key management?
• OpenSSH with public keys from database