Re: AuthorizedKeyCommand ldap

2017-12-13 Thread Paulm
> > > The script they call acts similar to this > > > > > > user="$1" > > case $user in > user1) > do stuff > ;; > user2) > do stuff > ;; > > user3) > do stuff > ;; > *) > invalid user stuff > ;; A solution that scales would use a regex that

Re: AuthorizedKeyCommand ldap

2017-12-12 Thread Edgar Pettijohn
On Tue, Dec 12, 2017 at 05:25:27PM -0800, Paulm wrote: > On Tue, Dec 12, 2017 at 09:35:27AM -0700, Dan Becker wrote: > > On Mon, Dec 11, 2017 at 7:13 PM, Paulm wrote: > > > > > On Mon, Dec 11, 2017 at 03:49:24PM -0700, Dan Becker wrote: > > > > I am reading a blog proposing

Re: AuthorizedKeyCommand ldap

2017-12-12 Thread Paulm
On Tue, Dec 12, 2017 at 09:35:27AM -0700, Dan Becker wrote: > On Mon, Dec 11, 2017 at 7:13 PM, Paulm wrote: > > > On Mon, Dec 11, 2017 at 03:49:24PM -0700, Dan Becker wrote: > > > I am reading a blog proposing to use the AuthorizedKeyCommand to hook > > into > > > another

Re: AuthorizedKeyCommand ldap

2017-12-12 Thread Stefan Johnson
On Tue, Dec 12, 2017 at 10:35 AM, Dan Becker wrote: > On Mon, Dec 11, 2017 at 7:13 PM, Paulm wrote: > > > My main concern comes from the fact this process is being run as root and > injecting the username as an arg "$1" > > Example : > > What happens

Re: AuthorizedKeyCommand ldap

2017-12-12 Thread Dan Becker
On Mon, Dec 11, 2017 at 7:13 PM, Paulm wrote: > On Mon, Dec 11, 2017 at 03:49:24PM -0700, Dan Becker wrote: > > I am reading a blog proposing to use the AuthorizedKeyCommand to hook > into > > another authentication mechanism by calling a shell script > > > >

Re: AuthorizedKeyCommand ldap

2017-12-11 Thread Paulm
On Mon, Dec 11, 2017 at 03:49:24PM -0700, Dan Becker wrote: > I am reading a blog proposing to use the AuthorizedKeyCommand to hook into > another authentication mechanism by calling a shell script > > https://blog.heckel.xyz/2015/05/04/openssh-authorizedkeyscommand-with-fingerprint/ > > Do I

Re: AuthorizedKeyCommand ldap

2017-12-11 Thread Alexander Hall
On 12/11/17 23:49, Dan Becker wrote: I am reading a blog proposing to use the AuthorizedKeyCommand to hook into another authentication mechanism by calling a shell script https://blog.heckel.xyz/2015/05/04/openssh-authorizedkeyscommand-with-fingerprint/ Do I have a valid concern in thinking

AuthorizedKeyCommand ldap

2017-12-11 Thread Dan Becker
I am reading a blog proposing to use the AuthorizedKeyCommand to hook into another authentication mechanism by calling a shell script https://blog.heckel.xyz/2015/05/04/openssh-authorizedkeyscommand-with-fingerprint/ Do I have a valid concern in thinking this might not be a prudent method of