AuthorizedKeysCommand support added

Philipp Marek philipp.marek at
Wed Oct 31 17:48:02 EST 2012

Hello Damien,

> I just commited the patch on It adds
> an AuthorizedKeysCommand option to sshd_config to use helper program to
> fetch a user's authorized keys. Quite a few people have asked for this
> to allow storage of public keys in LDAP or other databases.
thank you very much! I've been looking forward for that for a long time now.

> The program is executed (directly, not via the shell) with a single
> argument of the user being logged in. It produces on stdout zero or more
> lines in authorized_keys format. The program must terminate normally and
> with a zero exit status or its output is disregarded.
Reading the patch I see that STDERR is redirected to /dev/null; that might 
be interesting to know.
(Perhaps it would be better to allow some logfile, or even syslog, as 
destination for that output?)

Furthermore, how about setting alarm(60) or some similar timeout, and 
perhaps a CPU limit in the child handler, so that it doesn't run forever?

TBH, I can see the point that having a simple shell script inbetween - that 
can do all of this, too.

Well, thanks a lot!
Hoping for a new release soon, so that the distributions get the new 
feature, too...



More information about the openssh-unix-dev mailing list