Hello, On 20/05/2019 19.24, Morgan, Iain (ARC-TN)[InuTeq, LLC] wrote: > Couldn't you accomplish the same thing with your AuthorizedKeysCommand? You could have it check for local authorized_keys files first, and then only fall back to the cloud if necessary. Depending on how complex you are willing to make the AuthorizedKeysCommand, you could implement some form of caching to further reduce the dependency on the cloud. Sadly that doesn't work because the AuthorizedKeysCommand output is buffered and afterwards checked against the key. See: https://github.com/openssh/openssh-portable/blob/master/auth2-pubkey.c#L883 . -- Andrei Gherzan gpg: rsa4096/D4D94F67AD0E9640 | t: @agherzan _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
