[PATCH] AuthorizedKeysFile: tokens for type and fingerprint
Luciano Bello
luciano at debian.org
Mon Apr 12 06:16:16 EST 2010
Hello all,

There are some scenarios where it is useful to store one key per authorized_keys
in an OpenSSH server. This is particularly true in gitosis cases. It manages
multiple repositories under the same user account and it may have escalation
problems. In our case, the keys are stored in a MySQL database and queried by a
fuse application when the authorized file is requested by OpenSSH. Of course we
wanted to minimize the size of the query response.

That's why we wrote the attached patch. It allows the use of two new tokens in the
AuthorizedKeysFile sshd_config option:
* %t, user pubkey type
* %f, user pubkey fingerprint

So, "AuthorizedKeysFile ~/%t-%f.pubkey" will look for the key at
~/RSA-e9:6e:a0:72:c6:a3:29:f6:bd:79:f2:f8:e0:08:b4:14.pubkey.

Maybe you have your own scenario where this may be useful. It would be nice if
you put this code in.

thanks, luciano
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fp_token.patch
Type: text/x-diff
Size: 2990 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20100411/c3e6bfdc/attachment-0002.bin>
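
The following is an added illustration of the token expansion described in the message, not the attached patch or OpenSSH code. It assumes the colon-separated MD5 fingerprint format shown in the message's example path; the type-name table, function names and sample key line are constructed for the example, and the expansion refuses any substituted value that is not a known type name or a well-formed fingerprint.

```python
import base64
import hashlib
import re
import struct

# Assumption: display names follow the email's example ("RSA"); this table is illustrative.
TYPE_NAMES = {"ssh-rsa": "RSA", "ssh-dss": "DSA"}
FP_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){15}")


def parse_pubkey(line):
    """Return (display type, MD5 fingerprint) for one public key line."""
    fields = line.split()
    if len(fields) < 2 or fields[0] not in TYPE_NAMES:
        raise ValueError("unsupported or malformed key line")
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed type name; it must match the text field.
    if len(blob) < 4 or blob[4:4 + struct.unpack(">I", blob[:4])[0]] != fields[0].encode():
        raise ValueError("key type does not match key blob")
    digest = hashlib.md5(blob).hexdigest()
    return TYPE_NAMES[fields[0]], ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def expand_tokens(pattern, key_type, fingerprint):
    """Expand %t, %f and %% only; other tokens (sshd's %h, %u) are out of scope here."""
    # Substituted values derive from the client's key, so allow only known-safe forms.
    if key_type not in TYPE_NAMES.values() or not FP_RE.fullmatch(fingerprint):
        raise ValueError("refusing to substitute unexpected value")
    values = {"t": key_type, "f": fingerprint, "%": "%"}
    out, i = [], 0
    while i < len(pattern):
        if pattern[i] != "%":
            out.append(pattern[i])
            i += 1
            continue
        if i + 1 >= len(pattern) or pattern[i + 1] not in values:
            raise ValueError("unknown or truncated token")
        out.append(values[pattern[i + 1]])
        i += 2
    return "".join(out)


def sample_line():
    """Constructed sample: a well-formed type prefix followed by filler, not a real key."""
    blob = struct.pack(">I", 7) + b"ssh-rsa" + b"constructed-filler-bytes"
    return "ssh-rsa " + base64.b64encode(blob).decode() + " user@example"
```
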