SSH users authentication depending on their public key.
Thomas Martin
tmartincpp at gmail.com
Tue May 21 18:25:46 EST 2013
Hi everyone.
I'm looking for a way to identify my SSH users according to their
public key; I mean I would like to have their name logged in my bash
session (in a shared Unix account).
I put this in my .profile:
export HISTTIMEFORMAT="[%Y-%m-%d %H:%M:%S - $SSH_USER] "
So now I'm trying to make OpenSSH fill the "SSH_USER" variable.
First, I have to exclude the PermitUserEnvironment possibility for
security reasons, as said in the manual (and so I can't use the
"environment" directive in authorized_keys).
I saw the AcceptEnv and SendEnv directives, but I don't want to depend
on client settings.
So I made some attempts with the "command" directive in authorized_keys
and I'm able to manage interactive or non-interactive sessions, but I
don't know how to deal with sshfs/sftp use.
Also, in my opinion this is not an elegant solution, but I haven't been
able to find another way so far.
Here is my authorized_keys:
command="sh -c 'SSH_KEY_USER=thomas /tmp/test.sh ${SSH_ORIGINAL_COMMAND:-}'" ssh-rsa publickey thomas at host.domain
Here is the /tmp/test.sh script:
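#!/bin/bash
#
set -e
#
# Interactive session (a tty was allocated): start a login shell.
if [ -n "${SSH_TTY:-}" ]; then
    /bin/bash -l
# Non-interactive session: run the words passed on from SSH_ORIGINAL_COMMAND.
elif [ -n "${1:-}" ]; then
    "$@"
fi
exit 0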
Do you have any other solutions? Am I missing something?
Unfortunately I can't create one Unix account per SSH key... Unix
accounts are shared by two or more users; this is why I would love to
know who made future mistakes ;)
Thanks in advance.
Thanks.
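
A forced-command wrapper that also covers the sftp/sshfs case raised in the post above, as an added example that is not part of the original message or of OpenSSH. The script path /usr/local/bin/ssh-key-user, the function names and the sftp-server location are assumptions; it classifies on SSH_ORIGINAL_COMMAND rather than SSH_TTY and sets the SSH_USER variable read by the HISTTIMEFORMAT line.

```shell
#!/bin/sh
# Added example: forced-command wrapper, hypothetical path /usr/local/bin/ssh-key-user.
# authorized_keys entry, one line per key (constructed, key material elided):
#   command="/usr/local/bin/ssh-key-user thomas" ssh-rsa <publickey> thomas

# Assumption: location of the external sftp-server binary; it differs between systems.
SFTP_SERVER="${SFTP_SERVER:-/usr/lib/openssh/sftp-server}"

# classify_session ORIGINAL_COMMAND
# Prints "interactive", "sftp" or "command" for what the client asked for.
classify_session() {
    case "${1:-}" in
        "")
            printf 'interactive\n' ;;
        internal-sftp|"internal-sftp "*|"$SFTP_SERVER"|"$SFTP_SERVER "*)
            # sftp and sshfs request the sftp subsystem; with a forced command,
            # sshd passes the configured subsystem command in SSH_ORIGINAL_COMMAND.
            printf 'sftp\n' ;;
        *)
            printf 'command\n' ;;
    esac
}

# run_session KEY_OWNER
# Exports the key owner's name, logs the session, then hands over to the real program.
run_session() {
    SSH_USER=$1
    export SSH_USER
    mode=$(classify_session "${SSH_ORIGINAL_COMMAND:-}")
    # Record the session outside the shell history as well.
    logger -p auth.info -t ssh-key-user "key_owner=$SSH_USER mode=$mode" || true
    case "$mode" in
        interactive) exec "${SHELL:-/bin/sh}" -l ;;
        # internal-sftp lives inside sshd, so the wrapper runs the external binary.
        sftp)        exec "$SFTP_SERVER" ;;
        command)     exec "${SHELL:-/bin/sh}" -c "$SSH_ORIGINAL_COMMAND" ;;
    esac
}

# Only act when sshd invokes the wrapper with the key owner's name.
if [ "$#" -gt 0 ]; then
    run_session "$1"
fi
```

Anyone with access to the shared account can still rewrite its history file and authorized_keys, so the syslog line is the more dependable record of which key holder connected.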