On 12/11/17 23:49, Dan Becker wrote:
I am reading a blog proposing to use the AuthorizedKeyCommand to hook into another authentication mechanism by calling a shell scripthttps://blog.heckel.xyz/2015/05/04/openssh-authorizedkeyscommand-with-fingerprint/ Do I have a valid concern in thinking this might not be a prudent method of authentication ?
AFAICT, he is using AuthorizedKeyCommand exactly as intended, generating authorized_keys entries on demand.
What are you concerned about? /Alexander
