Make SSH_ORIGINAL_COMMAND available in AuthorizedKeysCommand context

Hi

Using SSH_ORIGINAL_COMMAND in AuthorizedKeys is so helpful; I'd like to
know if it might be possible to access it in the AuthorizedKeysCommand
context (via env?). Is this possible? Can anybody give me advice on
going into this?

If possible, I'll use this SSH_ORIGINAL_COMMAND to send client-specific
information to the AuthorizedKeysCommand script. Currently, the only
alternative to this is to use the login itself (we have around 30k+
different 'hosts' that might want to connect to our servers) to identify
the client, but that comes with the need for a custom nss endpoint
configuration (we use libnss-pgsql2) to support dynamic user lookup, and
more work (to manage uid & co).

Using 'one' standard user file was enough (and a lot simpler), as those
hosts don't need to do anything but set up a revert port forwarding
rule, and are bound to a very limited shell.


My (now useless) /home/host_controler/.ssh/authorized_keys file (built on
a cron run) was like:
command="limited_shell.sh --host_id=XXX1 $SSH_ORIGINAL_COMMAND" ssh-rsa pubkey of host 1
command="limited_shell.sh --host_id=XXX2 $SSH_ORIGINAL_COMMAND" ssh-rsa pubkey of host 2
command="limited_shell.sh --host_id=XXX3 $SSH_ORIGINAL_COMMAND" ssh-rsa pubkey of host 3
...



Thank you very much for your help
Francois Leurent
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
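
Added example (not part of the original message and not OpenSSH code): a Python helper that renders the forced-command lines shown in the message, returning only the line for the key a client offered, which is what a program configured as AuthorizedKeysCommand would print on stdout. It assumes an sshd whose AuthorizedKeysCommand accepts the %t (key type) and %k (base64 key) tokens; the host table, function names, host_id alphabet and key blobs are constructed for illustration.

```python
import base64
import re
import struct

HOST_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")  # assumed host_id alphabet


def make_blob(key_type, body):
    """Build a constructed (non-functional) public-key blob for the demo."""
    name = key_type.encode("ascii")
    return base64.b64encode(struct.pack(">I", len(name)) + name + body).decode()


# Constructed sample table: host_id -> (key type, base64 blob).
HOSTS = {
    "XXX1": ("ssh-rsa", make_blob("ssh-rsa", b"\x01" * 32)),
    "XXX2": ("ssh-rsa", make_blob("ssh-rsa", b"\x02" * 32)),
}


def key_type_of(blob_b64):
    """Read the type name that prefixes every SSH public-key blob."""
    blob = base64.b64decode(blob_b64, validate=True)
    if len(blob) < 4:
        raise ValueError("blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    name = blob[4:4 + n]
    if len(name) != n:
        raise ValueError("truncated key type")
    return name.decode("ascii")


def render_line(host_id, key_type, blob_b64):
    """One authorized_keys line; reject values that could break the quoting."""
    if not HOST_ID_RE.fullmatch(host_id):
        raise ValueError("bad host_id: %r" % host_id)
    if key_type_of(blob_b64) != key_type:
        raise ValueError("key type does not match blob")
    return ('command="limited_shell.sh --host_id=%s $SSH_ORIGINAL_COMMAND" %s %s'
            % (host_id, key_type, blob_b64))


def lines_for_offered_key(hosts, offered_type, offered_blob):
    """Return only the line(s) whose key equals the one the client offered."""
    return [render_line(h, t, b) for h, (t, b) in sorted(hosts.items())
            if (t, b) == (offered_type, offered_blob)]


if __name__ == "__main__":
    t, b = HOSTS["XXX2"]
    print("\n".join(lines_for_offered_key(HOSTS, t, b)))
```

Because the key itself selects the line, the host_id reaches limited_shell.sh without the client having to send it, and a host_id containing a quote or space is rejected before it can alter the command= option.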