Bob Proulx wrote:
> AuthorizedKeysCommandUser root
> Match User root
> AuthorizedKeysCommand /bin/true
> Match all
> AuthorizedKeysCommand /root/bin/sv_get_authorized_keys
>
> I have tested that locally. Seems to do the desired thing. And that
> was what prevented me from being able to log in after a reboot
> previously. I am deploying it on vcs0.
Actually... Upon reflection...
Match User root
Match ALL
AuthorizedKeysCommandUser nobody
AuthorizedKeysCommand /root/bin/sv_get_authorized_keys
Much better! And it uses a non-root user for the query.
Bob
