sshd: SSH_CLIENT_CERT and SSH_CLIENT_PUBKEY env variables
Jakub Jelen
jjelen at redhat.com
Wed Apr 26 18:52:07 AEST 2017
On 04/26/2017 05:00 AM, Anton Worshevsky wrote:
> Hello,
>
> There are environment variables SSH_CLIENT and SSH_CONNECTION
> with information about the client of the current session.
>
> I want to implement new variables with info about credentials used for session authentication.
> Such as:
>
> SSH_CLIENT_CERT
> SSH_CLIENT_CERT_ID
> SSH_CLIENT_CERT_PRINCIPALS
>
> SSH_CLIENT_PUBKEY
> SSH_CLIENT_PUBKEY_FINGERPRINT
>
> Some of that information is available in logs but not inside the session.
> Is there a good reason why it's not implemented yet?
> Do I need to hold myself from writing it? =)

Hello,

A very similar thing was already implemented by and waits for review, more
use cases or higher interest by users:

https://bugzilla.mindrot.org/show_bug.cgi?id=2408

This creates the variable SSH_USER_AUTH, which contains all the successfully
used authentication methods with all the needed information. It also
provides configuration options to expose this information to PAM (for
possible additional authentication methods outside of SSH) or to the user
session.

Rather than implementing something new, it would be better to work on
improving this feature to suit your needs and merging it upstream.

Regards,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat