Openssh AuthorizedKeysCommand Inquiry

Lucas Halbert lhalbert at
Sat Jul 30 00:18:26 AEST 2016

To whom it may concern,

I have a question regarding the AuthorizedKeysCommand functionality. Currently I am working on building an openldap sshPublicKey infrastructure which contains sshPublicKey entries with the following format(options keytype base64-encoded-key comment) example: (from="" ssh-rsa AB3Nz...EN8w== user at<mailto:user at>). I am wondering if the AuthorizedKeysCommand directive, or some other openssh function, offers a facility to parse the "options" field of the sshPublicKey entry in LDAP like openssh does using the authorized_keys file. My goal is to restrict the origin of SSH connections which use key exchange based on the from="" option of the sshPublicKey stored in LDAP. Any guidance you have is appreciated.


More information about the openssh-unix-dev mailing list