Authenticate against key files before AuthorizedKeysCommand
Damien Miller
djm at mindrot.org
Fri Jun 14 13:43:44 AEST 2019
On Tue, 21 May 2019, Damien Miller wrote:
> On Mon, 20 May 2019, Andrei Gherzan wrote:
>
> > Do you think such a feature would make sense? If yes, how would you
> > recommend going about it? I was thinking of having a priority
> > configuration variable of some sort that would decide the order I'm
> > mentioning above or even a simple configuration flag like
> > AuthorizedKeysCommandBeforeFile (default to true). I'm willing to send
> > patch if this is considered upstreamable.
>
> Maybe it makes sense to just prefer the static files to the command under
> all circumstances? This is already what we do for authorized_principals
> and IMO it makes the most sense.
This has just been comitted and will be in OpenSSH 8.1 - thanks
-d
More information about the openssh-unix-dev
mailing list