On Sun, Mar 02, 2014 at 12:38:18PM +0100, Florian Zimmermann wrote:
> I would like sshd to pass some more arguments to the AuthorizedKeysCommand
> in order to print the authorized keys in a more intelligent manner.
>
> I was thinking of the Github case, i.e. lots of "real" users want to
> authenticate as the git user, which is currently not feasible because the only
> argument to the AuthorizedKeysCommand is the username being authenticated,
> which is "git" for everybody. To allow everyone to authenticate as the git
> user, the AuthorizedKeysCommand has to print all the public keys of all the
> "real" users to standard output and sshd in turn has to parse all those keys
> and match them against the key that is used for authentication.
>
> This patch passes two additional arguments to the AuthorizedKeysCommand:
> - the type of the key used for authentication, e.g. "ssh-rsa",
> - the MD5 fingerprint of the key used for authentication
>
> This allows the AuthorizedKeysCommand to print only a small subset of the
> public keys.
>
> I also submitted this patch to upstream:
> https://bugzilla.mindrot.org/show_bug.cgi?id=2081

Thanks for the patch. Just by way of setting expectations, I wouldn't
take this kind of interface change as a Debian patch because there's too
much risk that upstream would later introduce it in a slightly different
form and then I'd be stuck with a compatibility problem. I'd prefer to
wait for upstream.

Cheers,

-- 
Colin Watson [[email protected]]
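
The lookup described in the quoted proposal, as an added example that is not part of the thread or of the submitted patch: a helper that receives the login user, the key type and the MD5 fingerprint, and prints only the matching keys. The argument order, the names `KEY_STORE`, `make_blob`, `build_index` and `lookup`, and the key blobs are assumptions constructed for illustration.

```python
#!/usr/bin/env python3
"""Fingerprint-indexed key lookup in the style of an AuthorizedKeysCommand."""
import base64
import hashlib
import struct
import sys

def make_blob(key_type, material):
    """Constructed, non-functional blob: SSH string(type) + string(material)."""
    t = key_type.encode()
    raw = struct.pack(">I", len(t)) + t + struct.pack(">I", len(material)) + material
    return base64.b64encode(raw).decode()

def md5_fingerprint(b64_blob):
    """Colon-separated MD5 of the decoded key blob (legacy fingerprint format)."""
    digest = hashlib.md5(base64.b64decode(b64_blob, validate=True)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

# Constructed sample store: every owner logs in as the shared "git" account.
KEY_STORE = [
    ("alice", "ssh-rsa", make_blob("ssh-rsa", b"alice-constructed-key")),
    ("bob", "ssh-rsa", make_blob("ssh-rsa", b"bob-constructed-key")),
    ("carol", "ssh-ed25519", make_blob("ssh-ed25519", b"carol-constructed-key")),
    ("broken", "ssh-rsa", "not*base64"),  # corrupt entry, must be skipped
]

def build_index(store):
    """Map (key type, fingerprint) to authorized_keys lines, computed once."""
    index = {}
    for owner, ktype, blob in store:
        try:
            fp = md5_fingerprint(blob)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue        # one bad row must not break every login
        index.setdefault((ktype, fp), []).append(f"{ktype} {blob} {owner}")
    return index

def lookup(login_user, key_type, fingerprint, store=KEY_STORE):
    """Return only the lines matching the offered key's type and fingerprint."""
    if login_user != "git":  # this helper serves the shared account only
        return []
    return build_index(store).get((key_type, fingerprint.lower()), [])

if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: lookup USER KEYTYPE MD5-FINGERPRINT")
    print("\n".join(lookup(*sys.argv[1:4])))
```

The fingerprint serves only as a lookup key here: sshd still compares each printed key with the one offered, so a wrong or colliding fingerprint yields a failed match, not a login.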

