patch to send incoming key to AuthorizedKeysCommand via stdin

Hi all,

I'm new to the list, so please forgive me if this is duplicated effort.

I have created a patch for openssh which modifies the AuthorizedKeysCommand
directive so that the incoming user's public key is sent to the specified
program via stdin.  This provides a means to identify the connecting user
based solely on their public key and not just by the username.

The inspiration for this was to be able to provide a service similar to
GitHub or Bitbucket, where a user uploads their SSH public key(s) via a web
interface and accesses their repositories over SSH using a common user
account like "git" or "hg". However, there are likely many other use cases.

The patches for different openssh versions can be found at
https://bitbucket.org/ClemsonSoCUnix/django-sshkey.  The README.md file
describes some caveats, including the possibility for deadlock if the
command specified with AuthorizedKeysCommand does not fully consume or
close its standard input.

I've been running the modified code in production with ~100 users on 6.2p2
for 7 months now with no known issues.  I welcome any feedback on the
patches.

Scott
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
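
An added example (not part of the original post or of the django-sshkey code): a hypothetical AuthorizedKeysCommand helper for the patched sshd, assuming the offered key arrives on stdin as one `<type> <base64>` line. It reads stdin to EOF before doing anything else, which addresses the deadlock caveat above, and maps the key's fingerprint to an account through a forced command. The store contents, the `repo-shell` path and all function names are assumptions.

```python
import base64, hashlib, re, struct, sys

# Options that also exist in old OpenSSH releases (no reliance on "restrict").
LOCKDOWN = "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]{1,64}")

def read_offered_key(stream):
    """Read stdin to EOF so sshd is never left blocked on a write; return (type, blob)."""
    data = stream.read()              # consume everything before any parsing
    fields = data.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64>'")
    key_type, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)   # raises ValueError on bad input
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with a length-prefixed copy of the type; both must agree.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key type does not match blob")
    return key_type, blob

def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint: unpadded base64 of the blob digest."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def authorized_line(stream, store, shell="/usr/local/bin/repo-shell"):
    """Return one authorized_keys line for a known key, '' for an unknown one."""
    key_type, blob = read_offered_key(stream)
    owner = store.get(fingerprint(blob))
    # The owner lands inside a quoted option, so reject anything but a plain name.
    if owner is None or not SAFE_NAME.fullmatch(owner):
        return ""
    key = base64.b64encode(blob).decode()
    return f'command="{shell} {owner}",{LOCKDOWN} {key_type} {key}'

# Constructed sample: an all-zero "ed25519" blob, not a real key.
SAMPLE_BLOB = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
SAMPLE_STORE = {fingerprint(SAMPLE_BLOB): "alice"}   # hypothetical key database

if __name__ == "__main__":
    try:
        print(authorized_line(sys.stdin, SAMPLE_STORE))
    except ValueError:
        sys.exit(1)                   # malformed input: emit no keys at all
```

Because every connection uses the same account, the forced command is what ties a session to the key's owner; an empty output means sshd finds no matching key and the login fails.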