Connection info with AuthorizedKeysCommand

Anthony R Fletcher arif at
Wed Nov 21 12:52:38 EST 2012

<20121121001551.16222.qmail at>

On 21 Nov 2012 at 01:15:51, Peter Stuge wrote:
> It's about providing the child process information about who is
> connected. Is SSH_CONNECTION already being set in the child
> environment?

Sadly the environment contains very little and not SSH_CONNECTION.
I just checked with openssh-SNAP-20121121.

On 21 Nov 2012 at 10:50:56, Damien Miller wrote:
> An AuthorizedKeysCommand can emit lines with from="" phrases to
> achieve the same effect. Anything that works in authorized_keys works
> in the output of AuthorizedKeysCommand.

Excellent idea; I can make it work with that. Thanks.

> > We could use a cumbersome Match statement, but why not make all the
> > information available to the AuthorizedKeysCommand command?
> AuthorizedKeysCommand should be as simple as possible, I don't want to
> burden it with lots of options, especially when the authorized_keys format
> is quite powerful as it is.

Agreed and I forgot that there was lots of power in the authorized_file
format. What if we wanted the authorisation keys to depend on the server


Anthony R Fletcher        
  Room 2033, Building 12A,
  National Institutes of Health,  arif at
  12A South Drive, Bethesda,      Phone: (+1) 301 402 1741.
  MD 20892-5624, USA.

More information about the openssh-unix-dev mailing list