Re: OpenSSH Linux portable patch proposal

On Tue, 2 Jun 2015, György Demarcsek Ifj. wrote:

> Dear OpenSSH Developers,
> 
> I would like to propose a patch to OpenSSH for Linux. In the recent few
> months, I have encountered a scenario where a PAM module used for
> authentication in SSH should be informed about the previous successful
> authentication methods. I described the complete scenario here:
> http://serverfault.com/questions/690038/openssh-two-factor-authentication-combined-with-kerberos-public-key

I've wanted to expose more information about how the user authenticated
to the environment for a while, but I think that if we do it then we
should include (at least) key fingerprints too. Something like:

SSH_USER_AUTH=hostbased RSA SHA256:Iw75Ex+Re8WyIjqHEukxHtwz2weTFTBLPD2J9doYEfU, publickey CA ED25519 SHA256:rLKEbjpoN2+kuMQB7EiPqaeHut65ZfSe/z1EaWtKEmk Cert ID djm@xxxxxxxxxxx Serial 27908739, password

We could probably expose this to PAM as well, as SSH_COMPLETED_AUTH or
similar.

Could you please file a bug at https://bugzilla.mindrot.org/ to track
this feature?

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
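
An added example, not code from the message or from OpenSSH: a consumer of the `SSH_USER_AUTH` value sketched in the reply above, parsing it strictly and failing closed before making a policy decision. The `", "` separator, the field order, the accepted method names and all function names are assumptions, since the message only says "something like".

```python
import re

# Sample value copied from the message above.
SAMPLE = ("hostbased RSA SHA256:Iw75Ex+Re8WyIjqHEukxHtwz2weTFTBLPD2J9doYEfU, "
          "publickey CA ED25519 SHA256:rLKEbjpoN2+kuMQB7EiPqaeHut65ZfSe/z1EaWtKEmk "
          "Cert ID djm@xxxxxxxxxxx Serial 27908739, password")

# Assumption: only the method names seen in the sample are accepted.
KNOWN_METHODS = {"hostbased", "publickey", "password"}
# A SHA-256 fingerprint is 32 bytes, i.e. 43 unpadded base64 characters.
FP_RE = re.compile(r"SHA256:[A-Za-z0-9+/]{43}")


def parse_user_auth(value):
    """Parse the sketched value into one dict per completed method.

    Assumption: entries are separated by ", " and free-text fields such as
    the certificate ID contain no comma (the sketch defines no escaping).
    Anything that does not fit raises ValueError, so callers fail closed.
    """
    entries = []
    for raw in value.split(", "):
        tokens = raw.split()
        if not tokens or tokens[0] not in KNOWN_METHODS:
            raise ValueError(f"unrecognised entry: {raw!r}")
        entry = {"method": tokens[0], "ca": False, "key_type": None,
                 "fingerprint": None, "extra": ""}
        rest = tokens[1:]
        if rest and rest[0] == "CA":          # key was a CA-signed certificate
            entry["ca"], rest = True, rest[1:]
        if rest:                              # expect "<key type> <fingerprint> [extra...]"
            if len(rest) < 2 or not FP_RE.fullmatch(rest[1]):
                raise ValueError(f"bad key fields in entry: {raw!r}")
            entry["key_type"], entry["fingerprint"] = rest[0], rest[1]
            entry["extra"] = " ".join(rest[2:])
        entries.append(entry)
    return entries


def satisfies(entries, required):
    """True only if every required method is among the completed ones."""
    return set(required) <= {e["method"] for e in entries}


def key_was_used(entries, fingerprint):
    """True if any completed method presented exactly this key fingerprint."""
    return any(e["fingerprint"] == fingerprint for e in entries)
```
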



