Luciano Bello
2010-Apr-11 20:16 UTC
[PATCH] AuthorizedKeysFile: tokens for type and fingerprint
Hello all,

There are some scenarios where it is useful to store one key per authorized_keys in an OpenSSH server. This is particularly true in gitosis cases. It manages multiple repositories under the same user account and it may have escalation problems.

In our case, the keys are stored in a MySQL database and queried by a FUSE application when the authorized file is requested by OpenSSH. Of course we wanted to minimize the size of the query response. That's why we wrote the attached patch.

It allows the use of two new tokens in the AuthorizedKeysFile sshd_config option:

* %t, user pubkey type
* %f, user pubkey fingerprint

So, "AuthorizedKeysFile ~/%t-%f.pubkey" will look for the key at ~/RSA-e9:6e:a0:72:c6:a3:29:f6:bd:79:f2:f8:e0:08:b4:14.pubkey.

Maybe you have your own scenario where this may be useful. It would be nice if you put this code in.

thanks,
luciano

-------------- next part --------------
A non-text attachment was scrubbed...
Name: fp_token.patch
Type: text/x-diff
Size: 2990 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20100411/c3e6bfdc/attachment-0002.bin>
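The path expansion described in the message, as an added example that is not part of the original post or the attached patch. It assumes %f is the colon-separated MD5 of the key blob (the 16-byte form shown in the message) and that %t maps `ssh-rsa` to `RSA`; the function names, the mapping table and the sample key are constructed for illustration. Because the file name is derived from a key the client presents, the sketch also checks that the type embedded in the blob matches the declared type before building the path.

```python
import base64
import hashlib
import struct

# Short names as in the message's example ("RSA-..."); this mapping is an assumption.
SHORT_TYPE = {"ssh-rsa": "RSA", "ssh-dss": "DSA"}


def _ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: 4-byte big-endian length, then data."""
    return struct.pack(">I", len(data)) + data


def parse_pubkey_line(line: str):
    """Return (short_type, blob) from a 'type base64 [comment]' line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("malformed public key line")
    declared = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with its own type string; it must match the declared one.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != declared.encode() or declared not in SHORT_TYPE:
        raise ValueError("unsupported or inconsistent key type")
    return SHORT_TYPE[declared], blob


def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated hex MD5 of the key blob, the format shown in the message."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def expand_tokens(pattern: str, home: str, line: str) -> str:
    """Expand a leading ~/, %t and %f for the key on `line`."""
    key_type, blob = parse_pubkey_line(line)
    path = pattern.replace("%t", key_type).replace("%f", md5_fingerprint(blob))
    if path.startswith("~/"):
        path = home.rstrip("/") + "/" + path[2:]
    return path


# Constructed sample key (tiny made-up numbers, not a usable RSA key).
_blob = _ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01") + _ssh_string(b"\x00\xc3\x5b\x11")
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(_blob).decode() + " constructed@example"

if __name__ == "__main__":
    print(expand_tokens("~/%t-%f.pubkey", "/home/git", SAMPLE_LINE))
```

Both substituted components come from fixed alphabets (a table lookup for the type, hex digits and colons for the fingerprint), so the expanded name cannot contain `/` or `..` regardless of what the client sends.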