Dynamically allow users with OpenSSH?

Jason L Tibbitts III tibbs at math.uh.edu
Thu Mar 7 09:30:05 AEDT 2019


>>>>> "IT" == Isaiah Taylor <isaiah.p.taylor at gmail.com> writes:

IT> Does OpenSSH have some sort of callback extensibility for
IT> dynamically allowing or disallowing users based on an external
IT> script or file?

Seems more like the kind of thing you'd do through the PAM stack,
assuming your OS has that.  pam_script seems directly on point if you
want to make decisions based on arbitrary scripting.

Needless to say, PAM can be baroque and is part of the attack surface,
so significant care is warranted.

 - J<
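
An illustration of the pam_script approach suggested above, added here and not part of the original message or of pam_script's own code: an account-phase hook that admits only users listed in a file and fails closed. The allow-list path `/etc/ssh/allowed_users`, the `check_user` helper and the PAM configuration lines in the comments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: account-phase hook for pam_script, installed as pam_script_acct.
# Assumed setup, not taken from the post:
#   /etc/ssh/sshd_config : UsePAM yes
#   /etc/pam.d/sshd      : account required pam_script.so
# sshd runs the PAM account stack for public-key logins too, so the decision
# belongs here rather than in the auth stack.

ALLOW_FILE=${ALLOW_FILE:-/etc/ssh/allowed_users}   # hypothetical path, one user per line

# check_user USER FILE -> 0 if USER may log in, 1 otherwise (fail closed).
check_user() {
    user=$1 file=$2
    # Reject empty names and anything outside a conservative character set.
    case $user in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    # The list must be a regular, readable file, not a symlink.
    [ -f "$file" ] && [ ! -L "$file" ] && [ -r "$file" ] || return 1
    # Refuse a list that group or others can modify.
    if [ -n "$(find "$file" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        return 1
    fi
    # Exact, whole-line, fixed-string match: no regex, no substring hits.
    grep -Fxq -- "$user" "$file"
}

# pam_script executes this file under the name pam_script_acct and passes the
# login name in PAM_USER; a non-zero exit status denies the account.
case ${0##*/} in
    pam_script_acct)
        check_user "${PAM_USER:-}" "$ALLOW_FILE" && exit 0
        exit 1
        ;;
esac
```

Any error path (missing list, loose permissions, odd characters in the name) ends in a denial, so a broken deployment locks users out instead of letting everyone in.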


More information about the openssh-unix-dev mailing list