Displaying 2 results from an estimated 2 matches for "authorizedpincipalscommanduser".
2019 Mar 07
2
Dynamically allow users with OpenSSH?
...ren't the authorized keys/principals commands sufficient?
>
> $ getent group maybe-allow-these-users
> maybe-allow-these-users:x:111:user1,user2,user3,user4,user5...
>
> Match Group maybe-allow-these-users
> AuthorizedPrincipalsCommand /etc/ssh/allow_if_running_job %u
> AuthorizedPincipalsCommandUser nobody
>
> $ cat /etc/ssh/allow_if_running_job
> #!/bin/sh
> ps auxgw | grep $1 && echo $1
>
> the AuthorizedKeysCommand could look like
>
> $ cat /etc/ssh/allow_if_running_job
> #!/bin/sh
> ps auxgw | grep $1 && cat /home/$1/.ssh/authorized_keys
>
&...
2019 Mar 06
3
Dynamically allow users with OpenSSH?
Hello, how can I dynamically allow or disallow users with OpenSSH? I
have some nodes that users can submit jobs to, and can optionally be
handed a session to the requested node. But I want to prevent them
from SSH-ing in to nodes unless they have a job running on that node.
My idea was to implement libssh's callback abilities and have a script
that checks the username against jobs running on