AuthorizedKeysCommand
Shogun
shogun147 at gmail.com
Thu Jan 17 04:11:25 EST 2013
Yes, I agree, this is also important.
14.01.13 19:00, Bostjan Skufca wrote:
> Seems very useful.
>
> Implementation-wise I would not exclude AuthorizedKeysFile if
> AuthorizedKeysCommand was present, because if script will be
> connecting to external services which may fail or hang, one still
> needs access to machine in case of emergency.
> In this respect, execution of external command should be time-limited
> to avoid locking admin out of the system in troubled times.
>
> b.
>
>
> On 14 January 2013 16:36, Katsumoto san <shogun147 at gmail.com> wrote:
>
> Hi there,
>
> We could set AuthorizedKeysCommand script, this will allow only to replace
> authorized_keys file with keys stored in a database... But why this command
> is so limited?
>
> Why can't I just set a command script which will get a username and public
> key as arguments and let it do its own authorization??
> I think this will allow for much more powerful tricks. For example, to do a
> database lookup with keys to identify and authorize or deny access and so
> on...
>
> So is this so difficult to do? What do you all think about this?
>
> Thanks.
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
>
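Added example, not part of the original thread and not OpenSSH project code: a sketch of a lookup helper that takes the username and the offered key as arguments and enforces a hard time limit on the backend query, as the two messages above suggest. It assumes a current OpenSSH release, where sshd_config can pass the key via the `%u %t %k` tokens and sshd continues to AuthorizedKeysFile when the command yields no matching key; the script path, the `fetch_from_db` backend and the sample data are hypothetical.

```python
#!/usr/bin/env python3
# Assumed sshd_config wiring (script path and user are placeholders):
#   AuthorizedKeysCommand /usr/local/bin/keylookup %u %t %k
#   AuthorizedKeysCommandUser nobody
import re
import sys
import threading

LOOKUP_TIMEOUT = 3.0  # seconds; assumed budget, keep well under LoginGraceTime
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")

# Constructed sample data standing in for the external key database.
SAMPLE_DB = {
    "alice": [("ssh-ed25519", "AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYONLY", "alice@laptop")],
}


def fetch_from_db(username):
    """Hypothetical backend call; a real one would query LDAP, SQL or HTTP."""
    return SAMPLE_DB.get(username, [])


def authorized_lines(username, key_type, key_b64,
                     fetch=fetch_from_db, timeout=LOOKUP_TIMEOUT):
    """Return authorized_keys lines matching the offered key, or [] on any doubt."""
    if not USERNAME_RE.fullmatch(username):
        return []  # never hand unexpected usernames to the backend
    box = {}

    def worker():
        try:
            box["keys"] = list(fetch(username))
        except Exception:
            box["keys"] = []  # backend error: authorize nothing

    t = threading.Thread(target=worker, daemon=True)
    t.start()
    t.join(timeout)
    if t.is_alive():
        return []  # backend hung: print nothing, sshd moves on to AuthorizedKeysFile
    return [f"{kt} {kb} {comment}" for kt, kb, comment in box["keys"]
            if (kt, kb) == (key_type, key_b64)]


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit(1)
    for line in authorized_lines(*sys.argv[1:4]):
        print(line)
```

The helper fails closed: a timeout, a backend exception or a non-matching key all produce empty output, so emergency access depends only on the local authorized_keys file.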