AuthorizedKeysCommand
Damien Miller
djm at mindrot.org
Tue Jan 15 08:21:20 EST 2013
On Mon, 14 Jan 2013, Katsumoto san wrote:
> Hi there,
>
> We could set AuthorizedKeysCommand script, this will allow only to replace
> authorized_keys file with keys stored in a database... But why this command
> is so limited?
The output of AuthorizedKeysCommand may contain any directive that is
allowed in authorized_keys, so it's actually quite powerful.
> Why I can't just set a command script which will get a username and public
> key as arguments and let it do its own authorization??
> I think this will allow for much more powerful tricks. For example to do a
> database lookup with keys to identify and authorize or deny access and so
> on...
You'll have to explain this example more, because it seems to me that this
is well within the capabilities of the current AuthorizedKeysCommand.
-d
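
As an added illustration of the reply above (not code from the original message or from OpenSSH): a helper that does the database lookup and prints authorized_keys lines with per-key options, printing nothing to deny. The table layout, column names, helper names and sample rows are assumptions constructed for the example.

```python
# Added example: AuthorizedKeysCommand helper; sshd passes the username as argv[1].
import re
import sqlite3
import sys

KEY_TYPE = re.compile(r"ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)")
KEY_B64 = re.compile(r"[A-Za-z0-9+/]+={0,2}")
SAFE_OPT = re.compile(r"[A-Za-z0-9 _./:,*?!-]+")  # no quotes, backslashes, newlines
LOCKDOWN = "no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty"

def authorized_keys_lines(conn, username):
    """Return authorized_keys lines for username; an empty list denies key auth."""
    rows = conn.execute(
        "SELECT key_type, key_b64, source, forced_command, locked_down FROM ssh_keys"
        " WHERE username = ? AND revoked = 0 ORDER BY id", (username,))
    lines = []
    for key_type, key_b64, source, forced_command, locked_down in rows:
        # sshd parses this output as authorized_keys, so a quote or newline in a
        # database field could add options or a whole extra key line. Fail closed:
        # drop the key rather than emit it without its restriction.
        values = [v for v in (source, forced_command) if v]
        if not (KEY_TYPE.fullmatch(key_type) and KEY_B64.fullmatch(key_b64)
                and all(SAFE_OPT.fullmatch(v) for v in values)):
            continue
        opts = [f'from="{source}"'] if source else []
        if forced_command:
            opts.append(f'command="{forced_command}"')
        if locked_down:
            opts.append(LOCKDOWN)
        lines.append(" ".join(filter(None, [",".join(opts), key_type, key_b64])))
    return lines

def demo_db():
    """Constructed sample data (hypothetical schema); key blobs are placeholders."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ssh_keys (id INTEGER PRIMARY KEY, username, key_type,"
                 " key_b64, source, forced_command, locked_down, revoked)")
    conn.executemany(
        "INSERT INTO ssh_keys (username, key_type, key_b64, source, forced_command,"
        " locked_down, revoked) VALUES (?,?,?,?,?,?,?)",
        [("alice", "ssh-ed25519", "AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyA", None, None, 0, 0),
         ("alice", "ssh-rsa", "AAAAB3NzaC1yc2EAAAADAQABExampleKeyC", None, None, 0, 1),
         ("backup", "ssh-ed25519", "AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyB", "192.0.2.0/24",
          "/usr/local/bin/backup-only", 1, 0),
         ("carol", "ssh-ed25519", "AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyD",
          '192.0.2.7"\nssh-ed25519 AAAA', None, 0, 0)])  # malformed source field
    return conn

if __name__ == "__main__":
    print("\n".join(authorized_keys_lines(demo_db(), sys.argv[1] if len(sys.argv) > 1 else "backup")))
```

In sshd_config such a helper is named by AuthorizedKeysCommand and run as the account given in AuthorizedKeysCommandUser.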