patch to send incoming key to AuthorizedKeysCommand via stdin

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Mar 22 00:49:21 EST 2014


On 03/21/2014 02:54 AM, Marc Haber wrote:
> I would not do that in stdin as this precludes many standard commands
> from being used here. How about environment variables for key,
> fingerprint and probably comment?

If you have the key, you don't need the fingerprint.

> Wait, the ssh server doesn't know about a key's comment, does it?

the comment is irrelevant to the authorization process, since it's not
explicitly bound to the key at all (try exiting the comment in either
your id_rsa.pub or in .ssh/authorized_keys -- a mismatch has no effect).

Given that, i think authorizedkeyscommand only needs access to the key.

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20140321/0a556421/attachment.bin>


More information about the openssh-unix-dev mailing list