Re: SSH certificate and serverside ForceCommand

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 

On 23 jun. 2020 a las 23:21, Damien Miller wrote:
> I think your best avenue would be to set ExposeAuthInfo=yes in
> sshd_config (note: requires a relatively recent sshd) and parse it out
> of the certificate listed in $SSH_USER_AUTH. E.g.
>
> grep "^publickey .*cert[a-z0-9-]*@openssh.com" $SSH_USER_AUTH \
>         | awk '{print $2 " " $3}' | ssh-keygen -Lf -

"ExposeAuthInfo" solves our use case because it allows to read the
certificate with user privilegies. It requires sshd >= 7.6, I was reading
the manual on my distro which uses 7.4.

Thank you all for your time, and for the great OpenSSH suite!

Regards, Ale
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux