SSH certificate and serverside ForceCommand
Alejandro Dabin
aledabin at gmail.com
Tue Jun 30 07:48:52 AEST 2020
On 23 jun. 2020 a las 23:21, Damien Miller wrote:
> I think your best avenue would be to set ExposeAuthInfo=yes in
> sshd_config (note: requires a relatively recent sshd) and parse it out
> of the certificate listed in $SSH_USER_AUTH. E.g.
>
> grep "^publickey .*cert[a-z0-9-]*@openssh.com" $SSH_USER_AUTH \
> | awk '{print $2 " " $3}' | ssh-keygen -Lf -
"ExposeAuthInfo" solves our use case because it allows to read the
certificate with user privilegies. It requires sshd >= 7.6, I was reading
the manual on my distro which uses 7.4.
Thank you all for your time, and for the great OpenSSH suite!
Regards, Ale
More information about the openssh-unix-dev
mailing list