[PATCH] AuthorizedKeysFile: tokens for type and fingerprint

Luciano Bello luciano at debian.org
Mon Apr 12 06:16:16 EST 2010

Hello all,
	There are some scenarios where is useful to storage one key per authorized_keys 
in an OpenSSH server. This is particularly true in gitosis cases. It manages 
multiple repositories under the same user account and it may have escalation 
problems. In our case, the keys are stored in a MySQL database and queried by a 
fuse application when the authorized file is requested by OpenSSH. Of course we 
wanted to minimized the size of the query response.
	That's why we wrote the attached patch. It allows to use two new tokens in the 
AuthorizedKeysFile sshd_config option:
    * %t, user pubkey type
    * %f, user pubkey fingerprint
So, "AuthorizedKeysFile      ~/%t-%f.pubkey" will look for the key at 
	Maybe you have your own scenario where this may be useful. It would be nice if 
you put this code in.

thanks, luciano
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fp_token.patch
Type: text/x-diff
Size: 2990 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20100411/c3e6bfdc/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20100411/c3e6bfdc/attachment-0003.bin>

More information about the openssh-unix-dev mailing list