Displaying 20 results from an estimated 500 matches similar to: "pass fingerprint to authorizedkeyscommand"
2013 Jan 14
4
AuthorizedKeysCommand
Hi there,
We could set AuthorizedKeysCommand script, this will allow only to replace
authorized_keys file with keys stored in a database... But why this command
is so limited?
Why i can't just set a command script which will get a username and public
key as arguments and let him do it's own authorization??
I think this will allow for much more powerful tricks. For example do to an
2014 Jun 27
1
Using AuthorizedKeysCommand in unprivileged sshd mode
Hi,
I have a setup in which I run sshd as unprivileged user at dedicated port
to serve specific application.
It is working perfectly!
One tweak I had to do, since the AuthorizedKeysCommand feature requires
file to be owned by root, I had to use root owned command at root owned
directory, although it does not add a security value.
At auth2-pubkey.c::user_key_command_allowed2(), we have the
2016 Dec 30
12
[Bug 2655] New: AuthorizedKeysCommand with large output can deadlock
https://bugzilla.mindrot.org/show_bug.cgi?id=2655
Bug ID: 2655
Summary: AuthorizedKeysCommand with large output can deadlock
Product: Portable OpenSSH
Version: 7.2p2
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2015 Mar 16
2
[Bug 2367] New: AuthorizedKeysCommand add key fingerprint as second argument
https://bugzilla.mindrot.org/show_bug.cgi?id=2367
Bug ID: 2367
Summary: AuthorizedKeysCommand add key fingerprint as second
argument
Product: Portable OpenSSH
Version: 6.7p1
Hardware: Other
OS: FreeBSD
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
2013 Mar 22
52
[Bug 2081] New: extend the parameters to the AuthorizedKeysCommand
https://bugzilla.mindrot.org/show_bug.cgi?id=2081
Bug ID: 2081
Summary: extend the parameters to the AuthorizedKeysCommand
Classification: Unclassified
Product: Portable OpenSSH
Version: 6.2p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
2013 Apr 15
7
[Bug 2092] New: AuthorizedKeysCommand: bad ownership or modes for file
https://bugzilla.mindrot.org/show_bug.cgi?id=2092
Bug ID: 2092
Summary: AuthorizedKeysCommand: bad ownership or modes for file
Classification: Unclassified
Product: Portable OpenSSH
Version: 6.2p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: sshd
2012 Nov 20
4
Connection info with AuthorizedKeysCommand
I see that support for AuthorizedKeysCommand has been added. The
arguments supplied to the command is just the authenticating user. Can
we add the SSH connection details (ie. source and destination IPs and
ports) as well?
This command seems to be the idea way of requiring one set of
credentials from inside an organisation (say the user's own
authorized_keys file) and another set from outside
2012 Nov 13
1
problem with AuthorizedKeysCommand on OpenBSD
Hi,
I'm attempting to test the AuthorizedKeysCommand feature with the new
port of ssh-ldap-wrapper to OpenBSD. I'm running yesterday's
OpenBSD-current i386 snapshot, which includes AuthorizedKeysCommand.
The port of ssh-ldap-helper (at
http://old.nabble.com/-new--ssh-ldap-helper-td34667413.html) contains
all the bits I need, and the individual pieces appear to work once
configured:
2014 Jun 06
1
Patch: Ciphers, MACs and KexAlgorithms on Match
Hi all,
this is a patch to make Ciphers, MACs and KexAlgorithms available in
Match blocks. Now I can reach a -current machine with some Android
terminal app without changing the default ciphers for all clients:
Match Address 192.168.1.2
Ciphers aes128-cbc
MACs hmac-sha1
KexAlgorithms diffie-hellman-group-exchange-sha1
Index: servconf.c
2014 Feb 05
1
Make SSH_ORIGINAL_COMMAND available in AuthorizedKeysCommand context
Hi
Using SSH_ORIGINAL_COMMAND in AuthorizedKeys is so helpful, I'd like to
know if it might be possible to access it in the AuthorizedKeysCommand
context (via env ?). Is this possible ? can anybody give me advice on
going into this ?
If possible, I'll use this SSH_ORIGINAL_COMMAND to send client specifics
information to the AuthorizedKeysCommand script. Currently, the only
alternative
2014 May 30
2
AuthorizedKeysCommand run as the user
Is there any way to make the AuthorizedKeysCommand as the user which is trying
to log in?
Thanks.
--
Yves.
2023 May 22
6
[Bug 3574] New: ssh ignores AuthorizedPrincipalsCommand if AuthorizedKeysCommand is also set
https://bugzilla.mindrot.org/show_bug.cgi?id=3574
Bug ID: 3574
Summary: ssh ignores AuthorizedPrincipalsCommand if
AuthorizedKeysCommand is also set
Product: Portable OpenSSH
Version: 9.3p1
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component:
2014 Mar 20
2
patch to send incoming key to AuthorizedKeysCommand via stdin
Hi all,
I'm new to the list, so please forgive me if this is duplicated effort.
I have created a patch for openssh which modifies the AuthorizedKeysCommand
directive so that the incoming user's public key is sent to the specified
program via stdin. This provides a means to identify the connecting user
based solely on their public key and not just by the username.
The inspiration for
2014 Apr 14
1
AuthorizedKeysCommand size issue?
I'm running into issues with AuthorizedKeysCommand when the sum of the size of
the public keys become bigger than ~ 12 KB.
I created a bash script that runs
#!/bin/bash
curl -s --compressed http://someurl.example.com/pubkeys/$1
and am getting "error: returned status 23".
CURLE_WRITE_ERROR (23): An error occurred when writing received data to a
local file, or an error
2015 Nov 17
4
[Bug 2496] New: sshd hangs when using AuthorizedKeysCommand
https://bugzilla.mindrot.org/show_bug.cgi?id=2496
Bug ID: 2496
Summary: sshd hangs when using AuthorizedKeysCommand
Product: Portable OpenSSH
Version: 7.1p1
Hardware: amd64
OS: FreeBSD
Status: NEW
Severity: normal
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2016 Dec 31
2
[Bug 2656] New: Documentation does not mention "%k" as a supported token for AuthorizedKeysCommand
https://bugzilla.mindrot.org/show_bug.cgi?id=2656
Bug ID: 2656
Summary: Documentation does not mention "%k" as a supported
token for AuthorizedKeysCommand
Product: Portable OpenSSH
Version: 7.4p1
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
2013 Jun 19
4
AuthorizedKeysCommand idea
Hi,
I've been kicking this idea around, and the problem with it escapes
me. I'm looking for someone to tell me why this is a bad idea.
The new OpenSSH includes the AuthorizedKeysCommand, which was mostly
added to let people use a command to look up user keys in LDAP.
LDAP key lookup have some limitations -- specifically, the common
openssh-lpk_openldap schema won't let you add
2013 Apr 04
2
AuthorizedKeysCommand question
Hi,
is there a particular reason why this feature is "user" based and not
"user-pubkey" based?
What I mean is that it works for installation with small number of pubkeys
per user.
But imagine i.e. a GitHub scale - all users logging in as user "git". On
each auth request all the keys from database would be fetched and feeded to
OpenSSH.
Now I am only asking this out
2013 Oct 17
10
[Bug 2161] New: AuthorizedKeysCommand is not executed when defined inside Match block
https://bugzilla.mindrot.org/show_bug.cgi?id=2161
Bug ID: 2161
Summary: AuthorizedKeysCommand is not executed when defined
inside Match block
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
2013 Mar 22
4
[Bug 1663] sshd_config: AuthorizedKeysCommand
https://bugzilla.mindrot.org/show_bug.cgi?id=1663
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #33 from Damien Miller <djm at mindrot.org> ---
mark bugs closed by openssh-6.2 release as