[Bug 2276] New: AuthorizedKeysCommand: add an option for alternate owner

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Sep 16 22:32:39 EST 2014


            Bug ID: 2276
           Summary: AuthorizedKeysCommand: add an option for alternate
           Product: Portable OpenSSH
           Version: 6.6p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: alon.barlev at gmail.com

Created attachment 2474
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2474&action=edit

Currently the owner of AuthorizedKeysCommand must be root.

A setup in which sshd is running as non root, can enjoy a complete
and secure environment even if the AuthorizedKeysCommand is owned by a
different user.

This patch adds AuthorizedKeysCommandOwner option to control the
ownership check of the AuthorizedKeysCommand. Default is root, so no
change is done without explicit request.


Discussed without response at[1], I thought I give it a chance here.
Looking forward to fix of bug#2081, this and some others to make it
possible to run sshd in complete unprivilged mode, while enjoying all
benefits provided by the implmentation.



You are receiving this mail because:
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list