https://bugzilla.mindrot.org/show_bug.cgi?id=2081
Bug ID: 2081
Summary: extend the parameters to the AuthorizedKeysCommand
Classification: Unclassified
Product: Portable OpenSSH
Version: 6.2p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: [email protected]
Reporter: [email protected]
Hi.
First, great to see bug #1663 fixed :)
AFAIU, right now you only supply one parameter to the command, the
username being authenticated for.
Why not adding further stuff, especially the command?
That would allow one to return a key list (possibly empty) depending on
the command the user wants to execute.
Especially handy to program e.g. kind of a command restrictor, that
matches the command string (with arguments) against white and black
lists of regular expressions.
Not sure if this would work with control channel muxes though, IIRC,
they make the command fixed for the mux, right?
But also other information, like the selected auth method(s) and cipher
algos could be interesting, e.g. a program could perhaps allow only a
few safe commands with methods/algos being less secure.
etc. pp.
Cheers,
Chris.
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
