patch to send incoming key to AuthorizedKeysCommand via stdin
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sat Mar 22 00:49:21 EST 2014
On 03/21/2014 02:54 AM, Marc Haber wrote:
> I would not do that in stdin as this precludes many standard commands
> from being used here. How about environment variables for key,
> fingerprint and probably comment?
If you have the key, you don't need the fingerprint.
> Wait, the ssh server doesn't know about a key's comment, does it?
the comment is irrelevant to the authorization process, since it's not
explicitly bound to the key at all (try exiting the comment in either
your id_rsa.pub or in .ssh/authorized_keys -- a mismatch has no effect).
Given that, i think authorizedkeyscommand only needs access to the key.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20140321/0a556421/attachment.bin>
More information about the openssh-unix-dev
mailing list