AuthorizedKeysCommand

Katsumoto san shogun147 at gmail.com
Tue Jan 15 02:36:26 EST 2013


Hi there,

We could set AuthorizedKeysCommand script, this will allow only to replace
authorized_keys file with keys stored in a database... But why this command
is so limited?

Why i can't just set a command script which will get a username and public
key as arguments and let him do it's own authorization??
I think this will allow for much more powerful tricks. For example do to an
database lookup with keys to identify and authorize or deny access and so
on...

So is this so difficult to do? What do you all think about this?

Thanks.


More information about the openssh-unix-dev mailing list