AW: AuthorizedKeysCommand support added
Fiedler Roman
Roman.Fiedler at ait.ac.at
Wed Oct 31 19:58:26 EST 2012
Hi,
Just curious:
> ...
> The program is executed (directly, not via the shell) with a single
> argument of the user being logged in. It produces on stdout zero or more
> lines in authorized_keys format. The program must terminate normally and
> with a zero exit status or its output is disregarded.
>
> The program is executed as the user being logged in, unless a different
> user is specified using AuthorizedKeysCommandUser.
Does this allow:
* Login as user x
* Fork a daemon process to stay alive after logout
* Logout
* Login again
* Let the daemon process running as x attach to the key-fetch-script running as x, take over fds, ..
* Let key-fetch-script return something nice
This would of course only work, if e.g. ptrace-attach to non-children with same UID is allowed, which is OK on older kernels/distros, new ones should block that.
Roman
More information about the openssh-unix-dev
mailing list