SSH users authentication depending on their public key.

Ángel González keisial at gmail.com
Tue May 21 20:27:52 EST 2013


On 21/05/13 10:25, Thomas Martin wrote:
> Hi everyone.
>
> I'm looking for a way to identify my SSH's users according to their
> public key; I mean I would like to have their name logged in my bash
> session (in a shared unix account).
> I put this in my .profile:
>  export HISTTIMEFORMAT="[%Y-%m-%d %H:%M:%S - $SSH_USER] "
>
> So now I'm trying to make OpenSSH fill the "SSH_USER" variable.
> (...)
> Here is my authorized_keys:
> command="sh -c 'SSH_KEY_USER=thomas /tmp/test.sh
> ${SSH_ORIGINAL_COMMAND:-}'" ssh-rsa publickey thomas at host.domain
It may be simpler to use /usr/bin/env SSH_KEY_USER=thomas
${SSH_ORIGINAL_COMMAND:-} ssh-rsa ...

> Do you have any other solutions? Am I missing something?
> Unfortunately I can't create one unix account by ssh key... Unix
> accounts are shared by two or more users; this is why I would love to
> know who did future mistakes ;)
I guess you already know this is just opportunistic logging, and any user
could impersonate another one or even avoid that it gets registered.

It's strange that you can't afford one account per user (even if they then
e.g. sudo to run the commands under the shared account).
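
Added example, not part of the original message and not OpenSSH code: because a variable set through authorized_keys can be changed by the user's own shell, this sketch attributes logins to a shared account from the key fingerprint that sshd itself writes to its auth log. It assumes the "Accepted publickey for ... ssh2: RSA SHA256:..." line format of recent OpenSSH releases; the key blobs, addresses, second user and log lines are constructed.

```python
import base64
import hashlib
import re

# Key type, base64 blob, optional comment; any options before the key type are skipped.
KEY_RE = re.compile(r'\b(ssh-rsa|ssh-ed25519|ecdsa-sha2-\S+)\s+([A-Za-z0-9+/]+=*)\s*(.*)$')
# Assumed sshd auth-log format (recent OpenSSH).
LOG_RE = re.compile(r'Accepted publickey for (\S+) from (\S+) port \d+ ssh2: \S+ (SHA256:\S+)')

def fingerprint(blob_b64):
    """SHA256 fingerprint as sshd prints it: unpadded base64 of the digest."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def load_keys(authorized_keys_text):
    """Map fingerprint -> key comment for every entry in an authorized_keys file."""
    owners = {}
    for line in authorized_keys_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = KEY_RE.search(line)
        if m:
            owners[fingerprint(m.group(2))] = m.group(3) or "(no comment)"
    return owners

def attribute(log_lines, owners):
    """Return (account, source address, key owner) for each public-key login."""
    found = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if m:
            account, src, fp = m.groups()
            found.append((account, src, owners.get(fp, "UNKNOWN KEY")))
    return found

def fake_blob(seed):
    """Constructed stand-in for a public key blob (not a real key)."""
    return base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + seed).decode()

BLOB_THOMAS, BLOB_ALICE = fake_blob(b"thomas"), fake_blob(b"alice")
SAMPLE_KEYS = (
    'command="/usr/bin/env SSH_KEY_USER=thomas /tmp/test.sh" '
    f'ssh-rsa {BLOB_THOMAS} thomas@host.domain\n'
    f'ssh-rsa {BLOB_ALICE} alice@host.domain\n')
SAMPLE_LOG = [  # constructed log lines
    f"sshd[101]: Accepted publickey for shared from 192.0.2.10 port 50022 ssh2: RSA {fingerprint(BLOB_THOMAS)}",
    f"sshd[102]: Accepted publickey for shared from 192.0.2.11 port 50023 ssh2: RSA {fingerprint(BLOB_ALICE)}",
    f"sshd[103]: Accepted publickey for shared from 198.51.100.7 port 50024 ssh2: RSA {fingerprint(fake_blob(b'other'))}",
]

if __name__ == "__main__":
    for row in attribute(SAMPLE_LOG, load_keys(SAMPLE_KEYS)):
        print(*row)
```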



More information about the openssh-unix-dev mailing list