Connection info with AuthorizedKeysCommand
Anthony R Fletcher
arif at mail.nih.gov
Wed Nov 21 12:52:38 EST 2012
<20121121001551.16222.qmail at stuge.se>
On 21 Nov 2012 at 01:15:51, Peter Stuge wrote:
> It's about providing the child process information about who is
> connected. Is SSH_CONNECTION already being set in the child
> environment?
Sadly the environment contains very little and not SSH_CONNECTION.
I just checked with openssh-SNAP-20121121.
On 21 Nov 2012 at 10:50:56, Damien Miller wrote:
> An AuthorizedKeysCommand can emit lines with from="" phrases to
> achieve the same effect. Anything that works in authorized_keys works
> in the output of AuthorizedKeysCommand.
Excellent idea; I can make it work with that. Thanks.
> > We could use a cumbersome Match statement, but why not make all the
> > information available to the AuthorizedKeysCommand command?
>
> AuthorizedKeysCommand should be as simple as possible, I don't want to
> burden it with lots of options, especially when the authorized_keys format
> is quite powerful as it is.
Agreed and I forgot that there was lots of power in the authorized_file
format. What if we wanted the authorisation keys to depend on the server
port?
Anthony.
--
Anthony R Fletcher
Room 2033, Building 12A, http://dcb.cit.nih.gov/~arif
National Institutes of Health, arif at mail.nih.gov
12A South Drive, Bethesda, Phone: (+1) 301 402 1741.
MD 20892-5624, USA.
More information about the openssh-unix-dev
mailing list