AuthorizedKeysCommand support added
Damien Miller
djm at mindrot.org
Wed Oct 31 18:59:12 EST 2012
On Wed, 31 Oct 2012, Philipp Marek wrote:
> > The program is executed (directly, not via the shell) with a single
> > argument of the user being logged in. It produces on stdout zero or more
> > lines in authorized_keys format. The program must terminate normally and
> > with a zero exit status or its output is disregarded.
> Reading the patch I see that STDERR is redirected to /dev/null; that might
> be interesting to know.
> (Perhaps it would be better to allow some logfile, or even syslog, as
> destination for that output?)
I want to keep this code simple, and don't want to have to implement
yet another select() loop to handle multiple fds from the helper's
stderr and stdout. I don't think it unreasonable for them to do their own
logging to syslog for errors.
> Furthermore, how about setting alarm(60) or some similar timeout, and
> perhaps a CPU limit in the child handler, so that it doesn't run forever?
The helper is subject to the global login grace timeout (sshd_config
LoginGraceTime).
> TBH, I can see the point that having a simple shell script inbetween - that
> can do all of this, too.
No - the shell environment is too complicated for something that can
be triggered before authentication.
-d
More information about the openssh-unix-dev
mailing list