Openssh AuthorizedKeysCommand Inquiry

Lucas Halbert lhalbert at reverus.com
Sat Jul 30 00:18:26 AEST 2016


To whom it may concern,

I have a question regarding the AuthorizedKeysCommand functionality. Currently I am working on building an openldap sshPublicKey infrastructure which contains sshPublicKey entries with the following format(options keytype base64-encoded-key comment) example: (from="host1.example.com" ssh-rsa AB3Nz...EN8w== user at host1.example.com<mailto:user at host1.example.com>). I am wondering if the AuthorizedKeysCommand directive, or some other openssh function, offers a facility to parse the "options" field of the sshPublicKey entry in LDAP like openssh does using the authorized_keys file. My goal is to restrict the origin of SSH connections which use key exchange based on the from="" option of the sshPublicKey stored in LDAP. Any guidance you have is appreciated.

Thanks,
Lucas



More information about the openssh-unix-dev mailing list