Dynamically allow users with OpenSSH?

Isaiah Taylor isaiah.p.taylor at gmail.com
Thu Mar 7 09:05:56 AEDT 2019


Hello, how can I dynamically allow or disallow users with OpenSSH? I
have some nodes that users can submit jobs to, and they can optionally be
handed a session to the requested node. But I want to prevent them
from SSH-ing into nodes unless they have a job running on that node.
My idea was to implement libssh's callback abilities and have a script
that checks the username against jobs running on the nodes to accept
or reject an incoming connection. However, after reading the manual, I
haven't found this capability. As I mentioned in this Stack Overflow
post (https://stackoverflow.com/questions/55011729/how-to-dynamically-allow-users-in-openssh),
sshd_config:AllowUsers and sshd_config:AuthorizedKeysCommand are
insufficient to accomplish this.

Does OpenSSH have some sort of callback extensibility for dynamically
allowing or disallowing users based on an external script or file?
Thanks for your time.


More information about the openssh-unix-dev mailing list