[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Savannah-hackers-public] New sshd configuration
From: |
Bob Proulx |
Subject: |
Re: [Savannah-hackers-public] New sshd configuration |
Date: |
Fri, 4 Jan 2019 13:28:50 -0700 |
User-agent: |
Mutt/1.10.1 (2018-07-13) |
Bob Proulx wrote:
> AuthorizedKeysCommandUser root
> Match User root
> AuthorizedKeysCommand /bin/true
> Match all
> AuthorizedKeysCommand /root/bin/sv_get_authorized_keys
>
> I have tested that locally. Seems to do the desired thing. And that
> was what prevented me from being able to log in after a reboot
> previously. I am deploying it on vcs0.
Actually... Upon reflection...
Match User root
Match ALL
AuthorizedKeysCommandUser nobody
AuthorizedKeysCommand /root/bin/sv_get_authorized_keys
Much better! And it uses a non-root user for the query.
Bob