On 04/26/2017 05:00 AM, Anton Worshevsky wrote:
> Hello,
> There are environment variables SSH_CLIENT and SSH_CONNECTION
> with information about the client of the current session.
> I want to implement new variables with info about credentials used for session authentication.
> Such as:
> SSH_CLIENT_CERT
> SSH_CLIENT_CERT_ID
> SSH_CLIENT_CERT_PRINCIPALS
> SSH_CLIENT_PUBKEY
> SSH_CLIENT_PUBKEY_FINGERPRINT
> Some of that information is available in logs but not inside the session.
> Is there a good reason why it's not implemented yet?
> Do I need to hold myself from writing it? =)

Hello,
a very similar thing was already implemented by and waits for review, more
use cases or higher interest by users:
https://bugzilla.mindrot.org/show_bug.cgi?id=2408
This creates variables SSH_USER_AUTH which contains all the successfully
used authentication methods with all the needed information. It also
provides configuration options to expose this information to PAM (for
possible additional authentication methods outside of SSH) or to the user
session.
Rather than implementing something new, it would be better to work on
improving this feature to suit your needs and merging it upstream.
Regards,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev