Displaying 6 results from an estimated 6 matches for "authorized_keys_command".

2013 Jun 09
1
pass fingerprint to authorizedkeyscommand
...is untested but is the basic idea: diff -ru openssh-6.2p1/auth2-pubkey.c openssh-6.2p1-modified/auth2-pubkey.c --- openssh-6.2p1/auth2-pubkey.c 2013-02-15 00:28:56.000000000 +0100 +++ openssh-6.2p1-modified/auth2-pubkey.c 2013-06-09 20:07:15.039975210 +0200 @@ -554,7 +554,8 @@ } execl(options.authorized_keys_command, - options.authorized_keys_command, user_pw->pw_name, NULL); + options.authorized_keys_command, user_pw->pw_name, + key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX), NULL); error("AuthorizedKeysCommand %s exec failed: %s", options.authorized_keys_command, strerror(errno...
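Review bot: In the execl() call, the result of key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX) is passed inline as the last argument before NULL, so if it ever evaluates to NULL the argument list ends early and the command runs with the user name alone, with no sign that the fingerprint is missing. Suggest computing the fingerprint into a local before the exec, failing the lookup when it is NULL, and documenting the new second argument, since commands written for the one-argument form will now also receive an MD5 hex fingerprint.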
2013 Feb 14
1
auth2-pubkey.c - change an error message
...-existing username, not about command. --- auth2-pubkey.c 14 Nov 2012 08:04:02 -0000 1.36 +++ auth2-pubkey.c 14 Feb 2013 16:50:04 -0000 @@ -480,7 +480,7 @@ pw = getpwnam(username); if (pw == NULL) { error("AuthorizedKeyCommandUser \"%s\" not found: %s", - options.authorized_keys_command, strerror(errno)); + username, strerror(errno)); free(username); return 0; } Petr
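Review bot: The corrected error() call still prints strerror(errno) after getpwnam(username) returns NULL, but getpwnam() is not required to set errno when the entry is simply absent, so the text after the colon can be stale or misleading. Suggest dropping the strerror(errno) argument for the not-found case, or clearing errno before the call and printing it only when it is non-zero. The option name in the format string also reads "AuthorizedKeyCommandUser" and could be corrected to AuthorizedKeysCommandUser in the same change.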
2014 Jun 27
1
Using AuthorizedKeysCommand in unprivileged sshd mode
...k I had to do, since the AuthorizedKeysCommand feature requires file to be owned by root, I had to use root owned command at root owned directory, although it does not add a security value. At auth2-pubkey.c::user_key_command_allowed2(), we have the following: if (auth_secure_path(options.authorized_keys_command, &st, NULL, 0, errmsg, sizeof(errmsg)) != 0) { error("Unsafe AuthorizedKeysCommand: %s", errmsg); goto out; } This enforces root uid explicitly (arg#4). Will it be acceptable to use geteuid() instead of 0, to allow unprivileged proc...
2014 Jun 06
1
Patch: Ciphers, MACs and KexAlgorithms on Match
...= RCS file: /cvs/src/usr.bin/ssh/servconf.h,v retrieving revision 1.112 diff -u -p -u -r1.112 servconf.h --- servconf.h 29 Jan 2014 06:18:35 -0000 1.112 +++ servconf.h 6 Jun 2014 08:04:06 -0000 @@ -209,6 +209,9 @@ struct connection_info { M_CP_STROPT(authorized_principals_file); \ M_CP_STROPT(authorized_keys_command); \ M_CP_STROPT(authorized_keys_command_user); \ + M_CP_STROPT(ciphers); \ + M_CP_STROPT(macs); \ + M_CP_STROPT(kex_algorithms); \ M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \ M_CP_STRARRAYOPT(allow_users, num_allow_users); \ M_CP_STRARRAYOPT(deny_users, num_deny_us...
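Review bot: The three added M_CP_STROPT lines (ciphers, macs, kex_algorithms) put these options in the same list as per-Match string options such as authorized_keys_command, but these algorithms are negotiated during key exchange, before the client has sent a user name. Suggest stating in the patch and in the sshd_config documentation which Match criteria can affect them (connection-level ones such as the address), and warning on or rejecting them inside a block that matches on user or group.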
2016 Dec 30
12
[Bug 2655] New: AuthorizedKeysCommand with large output can deadlock
...vant code is in auth2-pubkey.c, beginning at line 1041: if ((pid = subprocess("AuthorizedKeysCommand", pw, command, ac, av, &f)) == 0) goto out; uid_swapped = 1; temporarily_use_uid(pw); ok = check_authkeys_file(f, options.authorized_keys_command, key, pw); if (exited_cleanly(pid, "AuthorizedKeysCommand", command) != 0) goto out; Upon finding the correct public key in the command's output, we immediately wait() for the command to exit. However, the command may continue to generate output; if the subse...
2013 Mar 22
52
[Bug 2081] New: extend the parameters to the AuthorizedKeysCommand
https://bugzilla.mindrot.org/show_bug.cgi?id=2081 Bug ID: 2081 Summary: extend the parameters to the AuthorizedKeysCommand Classification: Unclassified Product: Portable OpenSSH Version: 6.2p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd