AW: AuthorizedKeysCommand support added

Damien Miller djm at
Thu Nov 1 02:57:35 EST 2012

On Wed, 31 Oct 2012, Fiedler Roman wrote:

> Hi,
> Just curious:
> > ...
> > The program is executed (directly, not via the shell) with a single
> > argument of the user being logged in. It produces on stdout zero or more
> > lines in authorized_keys format. The program must terminate normally and
> > with a zero exit status or its output is disregarded.
> > 
> > The program is executed as the user being logged in, unless a different
> > user is specified using AuthorizedKeysCommandUser.
> Does this allow:
> * Login as user x
> * Fork a daemon process to stay alive after logout
> * Logout
> * Login again
> * Let the daemon process running as x attach to the key-fetch-script running as x, take over fds, ..
> * Let key-fetch-script return something nice
> This would of course only work, if e.g. ptrace-attach to non-children
> with same UID is allowed, which is OK on older kernels/distros, new
> ones should block that.

Well, it would let you break into your own account. This is a risk of using
the target user for the login script, which is something we explicitly
recommend against.


More information about the openssh-unix-dev mailing list