Someone wrote this for NSS - https://github.com/donapieppo/libnss-ato

And this seems to be doing sort of what I'm hoping to do, just doing it with hosts, not User database stuff.
https://github.com/troxor/libnss_consul

So - maybe a combination of these two things will work!

Thanks again. We'll see how it goes :)

Cary

On Fri, Feb 6, 2015 at 2:30 PM, Cary FitzHugh <cary.fitzhugh@xxxxxxxxx> wrote:
> Thanks for the tip on name service switch extensions -- I shall look..
> Maybe adding something that lets you query the users there is all I
> need... we'll see.
>
> The AuthorizedKeysCommand could be a script - and figures out
> everything - the ssh connection doesn't get that far when the user
> doesn't exist on the system yet :(
>
> Hence - maybe a NSS User Database extension which looks for the
> public keys from a webservice (and then maybe writes them to
> /tmp/<username>).
>
> The AuthorizedKeysCommand could then just return the tmp/username information..
>
> Hoping the NSS shows some promise.. Wow, thanks for all the help!
>
> On Fri, Feb 6, 2015 at 2:26 PM, Scott Neugroschl <scott_n@xxxxxxxxx> wrote:
>>
>>>> However - as I got into that - I realized that I have no way to "find"
>>>> just the keys for a single user. Since the only argument to that ssh
>>>> keys command, is the username. It's not HTTP so I couldn't point at a
>>>> subdomain and use that to look up the information.
>>
>>> You may be interested in the bug report "extend the parameters to the
>>> AuthorizedKeysCommand":
>>
>>> https://bugzilla.mindrot.org/show_bug.cgi?id=2081
>>
>>
>> Why not have the Authorized Keys Command be a script that figures out the domain from the username?
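
The "script that figures out the domain from the username" idea from the thread, sketched as an added example that is not part of the original messages or of OpenSSH. The `<user>+<domain>` login convention, the function names and the in-memory `KEY_STORE` (standing in for the web service) are assumptions made for illustration; the point is that the login name comes from the client and must be validated before it is used in any lookup, URL or file path.

```python
#!/usr/bin/env python3
"""AuthorizedKeysCommand-style helper: derive (user, domain) from the login name."""
import re
import sys

# Assumed login convention (hypothetical): "<user>+<domain>", e.g. "alice+example.org".
USER_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
DOMAIN_RE = re.compile(r"[a-z0-9-]{1,63}(\.[a-z0-9-]{1,63})+")
# One authorized_keys line without options: "<type> <base64> [comment]".
KEY_RE = re.compile(
    r"(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( [ -~]*)?"
)

# Constructed sample data standing in for the web service's answer.
KEY_STORE = {
    ("example.org", "alice"): [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIENvbnN0cnVjdGVkU2FtcGxlS2V5 alice@laptop",
        "this is not a key",  # malformed backend entry, must be dropped
    ],
}

def split_login(login):
    """Return (user, domain), or None when the login is not strictly well formed."""
    user, sep, domain = login.partition("+")
    # fullmatch rejects path separators, whitespace, newlines and anything else
    # that could change the meaning of a later URL or file-path lookup.
    if not sep or not USER_RE.fullmatch(user) or not DOMAIN_RE.fullmatch(domain):
        return None
    return user, domain

def authorized_keys(login, store=KEY_STORE):
    """Return only the syntactically valid key lines for this login."""
    parsed = split_login(login)
    if parsed is None:
        return []
    user, domain = parsed
    return [k for k in store.get((domain, user), []) if KEY_RE.fullmatch(k)]

def main(argv):
    # The command receives the login name as its only argument.
    if len(argv) != 2:
        return 1
    for line in authorized_keys(argv[1]):
        print(line)  # key lines go to stdout in authorized_keys format
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```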