SSH user authentication depending on their public key.
Damien Miller
djm at mindrot.org
Tue May 21 19:43:29 EST 2013
On Tue, 21 May 2013, Thomas Martin wrote:
> Hi everyone.
>
> I'm looking for a way to identify my SSH's users according to their
> public key; I mean I would like to have their name logged in my bash
> session (in a shared unix account).
> I put this in my .profile:
> export HISTTIMEFORMAT="[%Y-%m-%d %H:%M:%S - $SSH_USER] "
>
> So now I'm trying to make OpenSSH fill the "SSH_USER" variable.
Where SSH_USER is what, exactly?
There are proposals to expose the key (or fingerprint thereof) used to
authenticate a user under SSH_AUTH_KEY, but there are some corner cases
to do with multiple authentication to be worked out.
> First I have to exclude the PermitUserEnvironment possibility for
> security reasons as said in the manual (and so I can't use the
> "environment" directive in authorized_keys).
I think PermitUserEnvironment is safe if the users' shell is statically
linked and it clears LD_* before doing anything else. Maybe we should
make it a pattern-list of variables to accept though, i.e.
PermitUserEnvironment BLAH*,LC_*
would allow any environment variable matching the wildcards.
Alternately (and this is easier to do), you could move the
AuthorizedKeysFile to be root-controlled (root-owned file and directory),
comment out the parts of session.c that load ~/.ssh/environment and
then turn PermitUserEnvironment back on. The user would have no way of
setting arbitrary environment variables (assuming they don't have root)
and you could use environment=... options in authorized_keys as much
as you like.
-d
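As an added example (not code from the thread or from OpenSSH): a small Python audit that parses the options field of authorized_keys lines, reports which variables each key's environment= options would set, and checks them against a comma-separated wildcard allow-list of the kind proposed above. The sample lines and the SSH_USER,LC_* allow-list are constructed for illustration.

```python
import fnmatch

# Constructed sample authorized_keys lines (not from the thread); key material elided.
SAMPLE = [
    'environment="SSH_USER=thomas",no-port-forwarding ssh-ed25519 AAAAC3... thomas',
    'environment="SSH_USER=alice",environment="LD_LIBRARY_PATH=/tmp/lib" ssh-rsa AAAAB3... alice',
    'ssh-rsa AAAAB3... bob',
]


def split_options(options):
    """Split the comma-separated options field; double quotes delimit a value."""
    out, cur, quoted = [], "", False
    for ch in options:
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            out, cur = out + [cur], ""
        else:
            cur += ch
    return out + [cur] if cur else out


def key_options(line):
    """Options of one authorized_keys line as a list; [] if none or not a key line."""
    line = line.strip()
    if not line or line.startswith("#") or line.startswith(("ssh-", "ecdsa-", "sk-")):
        return []
    # the options field runs up to the first whitespace outside double quotes
    i, quoted = 0, False
    while i < len(line) and (quoted or not line[i].isspace()):
        quoted ^= line[i] == '"'
        i += 1
    return split_options(line[:i])


def environment_options(line):
    """VAR -> value for every environment= option on a key line."""
    env = {}
    for opt in key_options(line):
        if opt.startswith("environment="):
            name, _, value = opt[len("environment="):].partition("=")
            env[name] = value
    return env


def disallowed_variables(line, allowed):
    """Names the key would inject that match none of the comma-separated wildcard patterns."""
    pats = allowed.split(",")
    return sorted(v for v in environment_options(line)
                  if not any(fnmatch.fnmatchcase(v, p) for p in pats))
```

Run over a root-controlled AuthorizedKeysFile, a non-empty result from disallowed_variables flags a key that would set something outside the variables you meant to permit.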