Hi all,

I'm new to the list, so please forgive me if this is duplicated effort. I have created a patch for openssh which modifies the AuthorizedKeysCommand directive so that the incoming user's public key is sent to the specified program via stdin. This provides a means to identify the connecting user based solely on their public key and not just by the username.

The inspiration for this was to be able to provide a service similar to GitHub or Bitbucket, where a user uploads their SSH public key(s) via a web interface and accesses their repositories over SSH using a common user account like "git" or "hg". However, there are likely many other use cases.

The patches for different openssh versions can be found at https://bitbucket.org/ClemsonSoCUnix/django-sshkey. The README.md file describes some caveats, including the possibility for deadlock if the command specified with AuthorizedKeysCommand does not fully consume or close its standard input.

I've been running the modified code in production with ~100 users on 6.2p2 for 7 months now with no known issues. I welcome any feedback on the patches.

Scott
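An added example, not part of the original post or of the django-sshkey patches: a sketch of a helper that could sit behind the patched AuthorizedKeysCommand, reading its stdin to EOF (which avoids the deadlock caveat mentioned above) and mapping the offered key to an application user behind a forced command. It assumes the key arrives as a single `type base64 [comment]` line; the `USERS` store, the sample key and `/usr/local/bin/repo-shell` are hypothetical.

```python
import base64, hashlib, re, struct, sys

def wire_blob(keytype, body):
    """Build an SSH public-key blob: length-prefixed type string, then body."""
    return struct.pack(">I", len(keytype)) + keytype + body

def fingerprint(blob):
    return hashlib.sha256(blob).hexdigest()

# Constructed sample data: one all-zero "ed25519" key mapped to app user "alice".
SAMPLE_BLOB = wire_blob(b"ssh-ed25519", struct.pack(">I", 32) + bytes(32))
USERS = {fingerprint(SAMPLE_BLOB): "alice"}
SAFE_NAME = re.compile(r"[a-z0-9_-]{1,32}")
RESTRICT = "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"

def parse_pubkey(line):
    """Return (keytype, blob) for 'type base64 [comment]', else None."""
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError:
        return None
    # The blob embeds its own type string; reject a mismatch with the label.
    if len(blob) < 4:
        return None
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != parts[0].encode():
        return None
    return parts[0], blob

def authorized_keys_line(stdin_text, users):
    """Map the offered key to one restricted authorized_keys line, or ''."""
    lines = stdin_text.strip().splitlines()
    parsed = parse_pubkey(lines[0]) if len(lines) == 1 else None
    if parsed is None:
        return ""
    keytype, blob = parsed
    user = users.get(fingerprint(blob))
    if user is None or not SAFE_NAME.fullmatch(user):
        return ""  # unknown key, or a name unsafe to place inside command="..."
    b64 = base64.b64encode(blob).decode()
    return 'command="/usr/local/bin/repo-shell %s",%s %s %s\n' % (
        user, RESTRICT, keytype, b64)

if __name__ == "__main__":
    # Read to EOF before answering so sshd is never left blocked on the pipe.
    data = sys.stdin.buffer.read().decode("ascii", "replace")
    sys.stdout.write(authorized_keys_line(data, USERS))
```

Empty output means no key is authorized, so malformed input, unknown keys and unsafe user names all fail closed.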