search for: authorizedkeyscommand

Displaying 20 results from an estimated 110 matches for "authorizedkeyscommand".

2012 Nov 20
4
Connection info with AuthorizedKeysCommand
I see that support for AuthorizedKeysCommand has been added. The arguments supplied to the command is just the authenticating user. Can we add the SSH connection details (ie. source and destination IPs and ports) as well? This command seems to be the idea way of requiring one set of credentials from inside an organisation (say the user's...
2012 Nov 13
1
problem with AuthorizedKeysCommand on OpenBSD
Hi, I'm attempting to test the AuthorizedKeysCommand feature with the new port of ssh-ldap-wrapper to OpenBSD. I'm running yesterday's OpenBSD-current i386 snapshot, which includes AuthorizedKeysCommand. The port of ssh-ldap-helper (at http://old.nabble.com/-new--ssh-ldap-helper-td34667413.html) contains all the bits I need, and the individ...
2013 Jan 14
4
AuthorizedKeysCommand
Hi there, We could set AuthorizedKeysCommand script, this will allow only to replace authorized_keys file with keys stored in a database... But why this command is so limited? Why i can't just set a command script which will get a username and public key as arguments and let him do it's own authorization?? I think this will allow for...
2014 Jun 27
1
Using AuthorizedKeysCommand in unprivileged sshd mode
Hi, I have a setup in which I run sshd as unprivileged user at dedicated port to serve specific application. It is working perfectly! One tweak I had to do, since the AuthorizedKeysCommand feature requires file to be owned by root, I had to use root owned command at root owned directory, although it does not add a security value. At auth2-pubkey.c::user_key_command_allowed2(), we have the following: if (auth_secure_path(options.authorized_keys_command, &st, NULL, 0,...
2013 Jun 09
1
pass fingerprint to authorizedkeyscommand
Hi guys, It might be nice if AuthorizedKeysCommand would receive the fingerprint of the offered key as an argument, so that programs like gitolite could implement more refined key-based identity lookup that offers better performance than AuthorizedKeysFile's linear scan. The following patch is untested but is the basic idea: diff -ru openssh-...
2023 May 22
6
[Bug 3574] New: ssh ignores AuthorizedPrincipalsCommand if AuthorizedKeysCommand is also set
https://bugzilla.mindrot.org/show_bug.cgi?id=3574 Bug ID: 3574 Summary: ssh ignores AuthorizedPrincipalsCommand if AuthorizedKeysCommand is also set Product: Portable OpenSSH Version: 9.3p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: code a...
2015 Nov 17
4
[Bug 2496] New: sshd hangs when using AuthorizedKeysCommand
https://bugzilla.mindrot.org/show_bug.cgi?id=2496 Bug ID: 2496 Summary: sshd hangs when using AuthorizedKeysCommand Product: Portable OpenSSH Version: 7.1p1 Hardware: amd64 OS: FreeBSD Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: felicity at...
2013 Oct 17
10
[Bug 2161] New: AuthorizedKeysCommand is not executed when defined inside Match block
https://bugzilla.mindrot.org/show_bug.cgi?id=2161 Bug ID: 2161 Summary: AuthorizedKeysCommand is not executed when defined inside Match block Product: Portable OpenSSH Version: -current Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd Assign...
2014 Mar 20
2
patch to send incoming key to AuthorizedKeysCommand via stdin
Hi all, I'm new to the list, so please forgive me if this is duplicated effort. I have created a patch for openssh which modifies the AuthorizedKeysCommand directive so that the incoming user's public key is sent to the specified program via stdin. This provides a means to identify the connecting user based solely on their public key and not just by the username. The inspiration for this was to be able to provide a service similar to GitHub or B...
2015 Mar 16
2
[Bug 2367] New: AuthorizedKeysCommand add key fingerprint as second argument
https://bugzilla.mindrot.org/show_bug.cgi?id=2367 Bug ID: 2367 Summary: AuthorizedKeysCommand add key fingerprint as second argument Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: FreeBSD Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee:...
2014 Feb 05
1
Make SSH_ORIGINAL_COMMAND available in AuthorizedKeysCommand context
Hi Using SSH_ORIGINAL_COMMAND in AuthorizedKeys is so helpful, I'd like to know if it might be possible to access it in the AuthorizedKeysCommand context (via env ?). Is this possible ? can anybody give me advice on going into this ? If possible, I'll use this SSH_ORIGINAL_COMMAND to send client specifics information to the AuthorizedKeysCommand script. Currently, the only alternative to this is to use the login itself (we have around...
2014 May 30
2
AuthorizedKeysCommand run as the user
Is there any way to make the AuthorizedKeysCommand as the user which is trying to log in? Thanks. -- Yves.
2013 Apr 15
7
[Bug 2092] New: AuthorizedKeysCommand: bad ownership or modes for file
https://bugzilla.mindrot.org/show_bug.cgi?id=2092 Bug ID: 2092 Summary: AuthorizedKeysCommand: bad ownership or modes for file Classification: Unclassified Product: Portable OpenSSH Version: 6.2p1 Hardware: amd64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: sshd Assignee:...
2013 Jun 19
4
AuthorizedKeysCommand idea
Hi, I've been kicking this idea around, and the problem with it escapes me. I'm looking for someone to tell me why this is a bad idea. The new OpenSSH includes the AuthorizedKeysCommand, which was mostly added to let people use a command to look up user keys in LDAP. LDAP key lookup have some limitations -- specifically, the common openssh-lpk_openldap schema won't let you add restrictions at the front of the key. This didn't matter so much when the LPK patch was such a p...
2013 Mar 22
52
[Bug 2081] New: extend the parameters to the AuthorizedKeysCommand
https://bugzilla.mindrot.org/show_bug.cgi?id=2081 Bug ID: 2081 Summary: extend the parameters to the AuthorizedKeysCommand Classification: Unclassified Product: Portable OpenSSH Version: 6.2p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org...
2014 Apr 14
1
AuthorizedKeysCommand size issue?
I'm running into issues with AuthorizedKeysCommand when the sum of the size of the public keys become bigger than ~ 12 KB. I created a bash script that runs #!/bin/bash curl -s --compressed http://someurl.example.com/pubkeys/$1 and am getting "error: returned status 23". CURLE_WRITE_ERROR (23): An error occurred when writing...
2014 Sep 16
13
[Bug 2276] New: AuthorizedKeysCommand: add an option for alternate owner
https://bugzilla.mindrot.org/show_bug.cgi?id=2276 Bug ID: 2276 Summary: AuthorizedKeysCommand: add an option for alternate owner Product: Portable OpenSSH Version: 6.6p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unass...
2013 Apr 04
2
AuthorizedKeysCommand question
...ent it the way it currently is? Currently it executes one external command per auth request. If we would like a larger scale support, we would need to make it configurable to support one external command execution per presented pubkey (user may present multiple pubkeys, of course). Something like: AuthorizedKeysCommand "/path/to/auth %u %p" # %p is made up, but it stands for pubkey fingerprint b.
2016 Dec 30
12
[Bug 2655] New: AuthorizedKeysCommand with large output can deadlock
https://bugzilla.mindrot.org/show_bug.cgi?id=2655 Bug ID: 2655 Summary: AuthorizedKeysCommand with large output can deadlock Product: Portable OpenSSH Version: 7.2p2 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org...
2016 Dec 31
2
[Bug 2656] New: Documentation does not mention "%k" as a supported token for AuthorizedKeysCommand
https://bugzilla.mindrot.org/show_bug.cgi?id=2656 Bug ID: 2656 Summary: Documentation does not mention "%k" as a supported token for AuthorizedKeysCommand Product: Portable OpenSSH Version: 7.4p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: jboning at gmail.c...