AuthorizedKeysCommand question

Bostjan Skufca bostjan at
Fri Apr 5 02:52:12 EST 2013


is there a particular reason why this feature is "user" based and not
"user-pubkey" based?

What I mean is that it works for installation with small number of pubkeys
per user.
But imagine i.e. a GitHub scale - all users logging in as user "git". On
each auth request all the keys from database would be fetched and feeded to

Now I am only asking this out of curiosity - was it easier to implement it
the way it currently is?

Currently it executes one external command per auth request.
If we would like a larger scale support, we would need to make it
configurable to support one external command execution per presented pubkey
(user may present multiple pubkeys, of course). Something like:
AuthorizedKeysCommand "/path/to/auth %u %p"
# %p is made up, but it stands for pubkey fingerprint


More information about the openssh-unix-dev mailing list