On 20.07.21 12:50, Xiaoguang WANG wrote:
> * The authorized_keys file is only used for emergency use.
> * Every login is checked by authorized keys command (it can use other
>   servers to auth through the network), and the command can return
>   "force nologin" to disable the keys in authorized_keys.
> * In emergency cases (eg: network failure, or command corruption), the
>   emergency key in authorized_keys can still be used to recover the
>   system.

I don't know how much effort OpenSSH spends on making the
AuthorizedKeysCommand API failsafe, but just on general principle,
*shouldn't* an AuthorizedKeysFile "for emergencies" be considered
*before* an AuthorizedKeysCommand that may be affected (indefinite hang?)
by said emergency?

Otherwise: You IMHO could point AuthorizedKeysFile to an empty File and
replace the current AuthorizedKeysCommand by something like

    #!/bin/sh
    F="/the/ACTUAL/file/with_the/emergency.pubkeys"
    /the/original/AuthorizedKeysCommand "$@"
    X=$?
    if [ -r "$F" ]; then
        cat "$F"
        exit $X
    else
        logger "Emergency config $F is missing or unreadable!!"
        exit 1
    fi

to get the order you want. (Assuming a unixoid system, that is.)

Regards,
--
Jochen Bern
Systemingenieur

Binect GmbH
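As an added illustration of the ordering question raised in the message above (not code from the post or from OpenSSH): a wrapper that emits the emergency keys before running the primary command under a time limit. The paths, variable names and the installed name `authkeys-wrapper` are hypothetical; it assumes coreutils `timeout` is available and that sshd disregards keys from a command that exits non-zero.

```sh
#!/bin/sh
# Added example, not from the post. Paths and names below are hypothetical.
EMERGENCY_KEYS="${EMERGENCY_KEYS:-/etc/ssh/emergency.pubkeys}"
PRIMARY_CMD="${PRIMARY_CMD:-/usr/local/sbin/primary-authkeys}"
PRIMARY_TIMEOUT="${PRIMARY_TIMEOUT:-5}"   # seconds

log() { logger -t authkeys-wrapper "$1" 2>/dev/null || true; }

emit_authorized_keys() {
    have_keys=no
    # Emergency keys first: a local file read does not depend on the network.
    if [ -r "$EMERGENCY_KEYS" ]; then
        cat "$EMERGENCY_KEYS" && have_keys=yes
    else
        log "Emergency config $EMERGENCY_KEYS is missing or unreadable"
    fi
    # Bound the primary lookup so a hung backend cannot stall the login, and
    # buffer its output so a killed or failed run never passes on a partial list.
    out=$(timeout "$PRIMARY_TIMEOUT" "$PRIMARY_CMD" "$@" 2>/dev/null) && rc=0 || rc=$?
    if [ "$rc" -eq 0 ]; then
        if [ -n "$out" ]; then printf '%s\n' "$out"; fi
        have_keys=yes
    else
        log "Primary command failed or timed out (status $rc)"
    fi
    # Assumption: sshd disregards the output of a command that exits non-zero,
    # so report success whenever at least one source was usable.
    [ "$have_keys" = yes ]
}

# Run only when installed under this (hypothetical) name.
case "${0##*/}" in
    authkeys-wrapper) emit_authorized_keys "$@"; exit $? ;;
esac
```

With this ordering the emergency keys reach sshd even when the primary command is killed by the timeout, and the wrapper only exits non-zero when neither source was usable.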