AuthorizedKeysCommand question
Bostjan Skufca
bostjan at a2o.si
Fri Apr 5 02:52:12 EST 2013
Hi,
is there a particular reason why this feature is "user" based and not
"user-pubkey" based?
What I mean is that it works for installations with a small number of pubkeys
per user.
But imagine, e.g., GitHub scale - all users logging in as user "git". On
each auth request all the keys from the database would be fetched and fed to
OpenSSH.
Now I am only asking this out of curiosity - was it easier to implement it
the way it currently is?
Currently it executes one external command per auth request.
If we would like larger-scale support, we would need to make it
configurable to support one external command execution per presented pubkey
(user may present multiple pubkeys, of course). Something like:
AuthorizedKeysCommand "/path/to/auth %u %p"
# %p is made up, but it stands for pubkey fingerprint
b.
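
The per-key lookup proposed above, sketched as an added example (not code from the original post or from OpenSSH). The helper name, its two arguments, the table layout and the sample keys are assumptions; current sshd_config(5) documents a %f token that passes the offered key's fingerprint, which plays the role of the made-up %p.

```python
#!/usr/bin/env python3
"""Per-key lookup helper in the spirit of the proposed "/path/to/auth %u %p"."""
import base64
import hashlib
import sqlite3
import struct
import sys


def constructed_key(owner):
    """Build a well-formed ssh-ed25519 line from a seed (constructed sample, not a real key)."""
    def ssh_string(b):
        return struct.pack(">I", len(b)) + b
    blob = ssh_string(b"ssh-ed25519") + ssh_string(hashlib.sha256(owner.encode()).digest())
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), owner)


def fingerprint(line):
    """SHA256:<unpadded base64> over the decoded key blob, the format ssh-keygen -l prints."""
    blob = base64.b64decode(line.split()[1])
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def build_index(keys):
    """One row per (login, fingerprint); an in-memory table stands in for the real database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE authorized (login TEXT, fp TEXT, line TEXT, PRIMARY KEY (login, fp))")
    db.executemany("INSERT INTO authorized VALUES (?, ?, ?)",
                   [(login, fingerprint(line), line) for login, line in keys])
    return db


def lookup(db, login, fp):
    """Return the single matching authorized_keys line, or "" so sshd gets no candidate keys."""
    # Parameterized query: the arguments are never spliced into the SQL text.
    row = db.execute("SELECT line FROM authorized WHERE login = ? AND fp = ?",
                     (login, fp)).fetchone()
    return row[0] if row else ""


# Constructed sample data: three owners sharing the "git" login, one key on another account.
SAMPLE = ([("git", constructed_key(o)) for o in ("alice", "bob", "carol")]
          + [("deploy", constructed_key("dave"))])

if __name__ == "__main__":
    # Hypothetical invocation: helper.py <login> <fingerprint>
    login, fp = sys.argv[1], sys.argv[2]
    sys.stdout.write(lookup(build_index(SAMPLE), login, fp) + "\n")
```

sshd still compares the offered key against whatever line the helper prints, so returning one indexed row instead of every key for "git" changes the cost of the lookup, not the authentication decision.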