Re: sshd: SSH_CLIENT_CERT and SSH_CLIENT_PUBKEY env variables

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 04/26/2017 05:00 AM, Anton Worshevsky wrote:
Hello,

There are environment variables SSH_CLIENT and SSH_CONNECTION
with information about client of current session.

I want to implement new variables with info about credentials used for session authentication.
Such as:

SSH_CLIENT_CERT
SSH_CLIENT_CERT_ID
SSH_CLIENT_CERT_PRINCIPALS

SSH_CLIENT_PUBKEY
SSH_CLIENT_PUBKEY_FINGERPRINT

Some of that information available in logs but not inside the session.
Is there good reason why it's not implemented yet?
Do i need to hold myself from writing it? =)

Hello,
very similar thing was already implemented by and waits for review, more use cases or higher interest by users:

https://bugzilla.mindrot.org/show_bug.cgi?id=2408

This creates variables SSH_USER_AUTH which contains all the successfully used authentication methods with all the needed information. It also provides configuration options to expose these information to PAM (for possible additional authentication methods outside of SSH) or to user session.

Rather than implementing something new, it would be better to work on improving this feature to suit your needs and merging it upstream.

Regards,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux