AuthorizedKeysCommand support added

Philipp Marek philipp.marek at linbit.com
Wed Oct 31 17:48:02 EST 2012


Hello Damien,

> I just committed the patch on https://bugzilla.mindrot.org/b/1663 It adds
> an AuthorizedKeysCommand option to sshd_config to use a helper program to
> fetch a user's authorized keys. Quite a few people have asked for this
> to allow storage of public keys in LDAP or other databases.
Thank you very much! I've been looking forward to that for a long time now.


> The program is executed (directly, not via the shell) with a single
> argument of the user being logged in. It produces on stdout zero or more
> lines in authorized_keys format. The program must terminate normally and
> with a zero exit status or its output is disregarded.
Reading the patch I see that STDERR is redirected to /dev/null; that might 
be interesting to know.
(Perhaps it would be better to allow some logfile, or even syslog, as 
destination for that output?)

Furthermore, how about setting alarm(60) or some similar timeout, and 
perhaps a CPU limit in the child handler, so that it doesn't run forever?


TBH, I can see the point that having a simple shell script in between - that
can do all of this, too.



Well, thanks a lot!
Hoping for a new release soon, so that the distributions get the new 
feature, too...


Regards,

Phil
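
The "shell script in between" idea from the message above, as an added example that is not part of the original post or of the OpenSSH patch: a wrapper for AuthorizedKeysCommand to point at, which applies a wall-clock timeout and CPU limit to the real lookup helper, forwards its stderr to syslog, and prints keys only on a zero exit status. The names BACKEND, TIMEOUT_SECS, CPU_SECS, the placeholder backend path and the syslog tag are assumptions.

```shell
#!/bin/sh
# Added example: wrapper to name in sshd_config's AuthorizedKeysCommand.
# BACKEND, TIMEOUT_SECS, CPU_SECS and the logger tag are assumptions.
BACKEND=${BACKEND:-/path/to/key-backend}   # placeholder: the real LDAP/DB lookup helper
TIMEOUT_SECS=${TIMEOUT_SECS:-10}           # wall-clock limit
CPU_SECS=${CPU_SECS:-5}                    # CPU-time limit

# sshd discards the helper's stderr, so forward diagnostics to syslog.
log_err() {
    logger -t authkeys-wrapper -p auth.warning
}

# fetch_keys USER: print the backend's keys only if it exited 0 in time.
fetch_keys() {
    _user=$1
    _tmp=$(mktemp -d) || return 1
    _rc=0
    # Subshell: the CPU limit applies to the backend, not to this wrapper.
    ( ulimit -t "$CPU_SECS"
      exec timeout "$TIMEOUT_SECS" "$BACKEND" "$_user" ) \
        >"$_tmp/out" 2>"$_tmp/err" || _rc=$?
    if [ -s "$_tmp/err" ]; then
        log_err <"$_tmp/err"
    fi
    if [ "$_rc" -eq 0 ]; then
        cat "$_tmp/out"
    else
        # Emit nothing: partial output from a failed lookup must not be used.
        echo "backend failed for user '$_user' (status $_rc)" | log_err
    fi
    rm -rf "$_tmp"
    return "$_rc"
}

# sshd passes exactly one argument: the user being logged in.
if [ $# -eq 1 ]; then
    fetch_keys "$1"
    exit $?
fi
```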

