HostKey Management

Matthew N. Dodd matthew.nygard.dodd at
Fri Jan 18 11:04:26 EST 2013

On 1/17/13 5:57 PM, Mike Kelly wrote:
> But, as someone mentioned (maybe just off-list), this still has some
> shortcomings compared to public keys. The biggest is that, as I have
> gathered so far, you can't tie a forced command to the credentials. I
> guess that the closest workaround would be to have a specific user that
> is used to log in for these specific tasks, which could have a
> ForceCommand in a Match User block in sshd_config (maybe in combination
> with, say, sudo so that things that maybe need to be run as some other
> user instead can be?).

Bug 1927 - authorized_credentials (aka authorized_keys for GSSAPI-MIC)

I'll spend some time updating it if there is any interest.

More information about the openssh-unix-dev mailing list