Connection info with AuthorizedKeysCommand

Ángel González keisial at gmail.com
Wed Nov 21 08:37:49 EST 2012


On 20/11/12 20:51, Anthony R Fletcher wrote:
> I see that support for AuthorizedKeysCommand has been added. The
> arguments supplied to the command are just the authenticating user. Can
> we add the SSH connection details (i.e. source and destination IPs and
> ports) as well?
>
> This command seems the ideal way of requiring one set of
> credentials from inside an organisation (say the user's own
> authorized_keys file) and another set from outside (say 2 factor smart
> card keys).
>
> To do this the command needs to know where the connection is coming
> from. I can see a similar reason for knowing the destination IP or port.
>
> We could use a cumbersome Match statement, but why not make all the
> information available to the AuthorizedKeysCommand command?

Maybe it should get the environment variable SSH_CONNECTION that
is set on an ssh session.
(The deprecated SSH_CLIENT is a subset, so no need to expose that.)
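
The idea discussed in this thread, as an added example that is not part of the original messages or of OpenSSH: a key-selection helper that picks a key directory from the client address in SSH_CONNECTION and prints nothing when the input is malformed. It assumes sshd would export SSH_CONNECTION to the command (the proposal above, not confirmed behaviour); the directory paths and the "internal" address ranges are constructed.

```shell
#!/bin/sh
# Hypothetical AuthorizedKeysCommand helper (added example).
# ASSUMPTION: sshd exports SSH_CONNECTION to this command, as proposed in
# the thread. Format per ssh(1): "client_ip client_port server_ip server_port".

# Constructed policy: 10.0.0.0/8 and 192.168.0.0/16 count as internal.
INTERNAL_KEYS_DIR="${INTERNAL_KEYS_DIR:-/etc/ssh/keys-internal}"   # hypothetical path
EXTERNAL_KEYS_DIR="${EXTERNAL_KEYS_DIR:-/etc/ssh/keys-smartcard}"  # hypothetical path

# classify_source CONN: prints "internal" or "external"; returns 1 if malformed.
classify_source() {
    set -f            # no globbing while word-splitting the value
    set -- $1
    set +f
    [ "$#" -eq 4 ] || return 1                       # exactly four fields
    client_ip=$1
    client_port=$2
    case $client_port in ''|*[!0-9]*) return 1 ;; esac
    case $client_ip in
        *[!0-9a-fA-F.:]*) return 1 ;;                # not an IP literal
        10.*.*.*|192.168.*.*) echo internal ;;
        *) echo external ;;   # IPv6 and unknown ranges get the stricter set
    esac
}

# keys_file_for USER CONN: prints the key file to serve; returns 1 on bad input.
keys_file_for() {
    user=$1
    # Restrict the user name so it cannot escape the key directory.
    case $user in ''|-*|*[!a-z0-9_-]*) return 1 ;; esac
    zone=$(classify_source "$2") || return 1
    case $zone in
        internal) echo "$INTERNAL_KEYS_DIR/$user" ;;
        external) echo "$EXTERNAL_KEYS_DIR/$user" ;;
    esac
}

# Run as the command: emit keys only when every check passed (fail closed).
if [ -n "${1:-}" ] && [ -n "${SSH_CONNECTION:-}" ]; then
    f=$(keys_file_for "$1" "$SSH_CONNECTION") && [ -r "$f" ] && cat "$f"
fi
```

Emitting no keys on any parse failure means a malformed or missing value denies public-key login rather than falling back to the internal key set.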



More information about the openssh-unix-dev mailing list