[Bug 2081] New: extend the parameters to the AuthorizedKeysCommand
bugzilla-daemon at mindrot.org
Fri Mar 22 13:59:46 EST 2013
https://bugzilla.mindrot.org/show_bug.cgi?id=2081
Bug ID: 2081
Summary: extend the parameters to the AuthorizedKeysCommand
Classification: Unclassified
Product: Portable OpenSSH
Version: 6.2p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: calestyo at scientia.net
Hi.
First, great to see bug #1663 fixed :)
AFAIU, right now you only supply one parameter to the command, the
username being authenticated for.
Why not add further stuff, especially the command?
That would allow one to return a key list (possibly empty) depending on
the command the user wants to execute.
Especially handy to program e.g. kind of a command restrictor, that
matches the command string (with arguments) against white and black
lists of regular expressions.
Not sure if this would work with control channel muxes though, IIRC,
they make the command fixed for the mux, right?
But also other information, like the selected auth method(s) and cipher
algos could be interesting, e.g. a program could perhaps allow only a
few safe commands with methods/algos being less secure.
etc. pp.
Cheers,
Chris.
--
You are receiving this mail because:
You are watching the assignee of the bug.
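
The regex allow/deny "command restrictor" described in the report, as an added example that is not part of the original message or of OpenSSH: it works after authentication rather than at key lookup, because a key line with a `command="..."` option (which AuthorizedKeysCommand may print, since its output uses the authorized_keys format) makes sshd run a wrapper and pass the client's requested command in `SSH_ORIGINAL_COMMAND`. The wrapper path, the function name `decide` and the pattern lists are assumptions constructed for illustration.

```python
#!/usr/bin/env python3
"""Forced-command wrapper: allow/deny regex check on SSH_ORIGINAL_COMMAND.

Assumed deployment (not from the original report): the key line that
AuthorizedKeysCommand prints carries command="/usr/local/bin/restrict.py",
so sshd runs this wrapper instead of what the client asked for.
"""
import os
import re
import shlex
import sys

# Constructed sample policy. Patterns must match the WHOLE command string.
ALLOW = [r"rsync --server( [-\w./=]+)+", r"uptime", r"df( -h)?"]
DENY = [r".*\.\.(/|$).*", r".* /etc(/.*)?"]
# Characters a shell would interpret; this wrapper never needs them.
SHELL_META = re.compile(r"[;&|`$<>(){}\\\n\r*?!~\"']")


def decide(command):
    """Return (allowed, reason) for one requested command string."""
    if not command:
        return False, "interactive login not permitted"
    if SHELL_META.search(command):
        return False, "shell metacharacter in command"
    # Deny list wins over allow list.
    for pat in DENY:
        if re.fullmatch(pat, command):
            return False, "deny pattern " + pat
    for pat in ALLOW:
        # fullmatch, not search: 'uptime' must not admit 'uptime extra'.
        if re.fullmatch(pat, command):
            return True, "allow pattern " + pat
    return False, "no allow pattern matched"


def main():
    command = os.environ.get("SSH_ORIGINAL_COMMAND", "")
    allowed, reason = decide(command)
    if not allowed:
        print("rejected: " + reason, file=sys.stderr)
        return 1
    argv = shlex.split(command)
    os.execvp(argv[0], argv)  # no shell involved; replaces this process


if __name__ == "__main__":
    sys.exit(main())
```

Matching the whole string and executing without a shell are what keep a permitted prefix such as `uptime` from carrying extra arguments or a chained command past the lists.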