Connection info with AuthorizedKeysCommand

Anthony R Fletcher arif at
Wed Nov 21 06:51:36 EST 2012

I see that support for AuthorizedKeysCommand has been added. The
arguments supplied to the command is just the authenticating user. Can
we add the SSH connection details (ie. source and destination IPs and
ports) as well?

This command seems to be the idea way of requiring one set of
credentials from inside an organisation (say the user's own
authorized_keys file) and another set from outside (say 2 factor smart
card keys).

To do this the command needs to know where the connection is coming
from. I can see a similar reason for knowing the destination IP or port.

We could use a cumbersome Match statement, but why not make all the
information available to the AuthorizedKeysCommand command?


More information about the openssh-unix-dev mailing list