Re: [Savannah-hackers-public] New sshd configuration

savannah-hackers-public

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-hackers-public] New sshd configuration

From:	Bob Proulx
Subject:	Re: [Savannah-hackers-public] New sshd configuration
Date:	Fri, 4 Jan 2019 13:28:50 -0700
User-agent:	Mutt/1.10.1 (2018-07-13)

Bob Proulx wrote:
>   AuthorizedKeysCommandUser root
>   Match User root
>           AuthorizedKeysCommand /bin/true
>   Match all
>           AuthorizedKeysCommand /root/bin/sv_get_authorized_keys
> 
> I have tested that locally.  Seems to do the desired thing.  And that
> was what prevented me from being able to log in after a reboot
> previously.  I am deploying it on vcs0.

Actually...  Upon reflection...

Match User root
Match ALL
        AuthorizedKeysCommandUser nobody
        AuthorizedKeysCommand /root/bin/sv_get_authorized_keys

Much better!  And it uses a non-root user for the query.

Bob

[Prev in Thread]

Current Thread

[Next in Thread]

[Savannah-hackers-public] New sshd configuration, Bob Proulx, 2019/01/04
- Re: [Savannah-hackers-public] New sshd configuration, Bob Proulx <=
  - Re: [Savannah-hackers-public] New sshd configuration, Bob Proulx, 2019/01/05

Prev by Date: [Savannah-hackers-public] New sshd configuration
Next by Date: Re: [Savannah-hackers-public] FSF public IP addresses are changing between December 20 and January 7th
Previous by thread: [Savannah-hackers-public] New sshd configuration
Next by thread: Re: [Savannah-hackers-public] New sshd configuration
Index(es):
- Date
- Thread