[Bug 2276] New: AuthorizedKeysCommand: add an option for alternate owner

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Sep 16 22:32:39 EST 2014


https://bugzilla.mindrot.org/show_bug.cgi?id=2276

            Bug ID: 2276
           Summary: AuthorizedKeysCommand: add an option for alternate
                    owner
           Product: Portable OpenSSH
           Version: 6.6p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: alon.barlev at gmail.com

Created attachment 2474
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2474&action=edit
AuthorizedKeysCommand-add-an-option-for-alternate-ow.patch

Currently the owner of AuthorizedKeysCommand must be root.

A setup in which sshd is running as non root, can enjoy a complete
and secure environment even if the AuthorizedKeysCommand is owned by a
different user.

This patch adds AuthorizedKeysCommandOwner option to control the
ownership check of the AuthorizedKeysCommand. Default is root, so no
change is done without explicit request.

---

Discussed without response at[1], I thought I give it a chance here.
Looking forward to fix of bug#2081, this and some others to make it
possible to run sshd in complete unprivilged mode, while enjoying all
benefits provided by the implmentation.

Thanks!

[1]
http://lists.mindrot.org/pipermail/openssh-unix-dev/2014-June/032696.html

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list