Lucas Halbert
2016-07-29 14:18:26 UTC
To whom it may concern,
I have a question regarding the AuthorizedKeysCommand functionality. Currently I am working on building an openldap sshPublicKey infrastructure which contains sshPublicKey entries with the following format(options keytype base64-encoded-key comment) example: (from="host1.example.com" ssh-rsa AB3Nz...EN8w== ***@host1.example.com<mailto:***@host1.example.com>). I am wondering if the AuthorizedKeysCommand directive, or some other openssh function, offers a facility to parse the "options" field of the sshPublicKey entry in LDAP like openssh does using the authorized_keys file. My goal is to restrict the origin of SSH connections which use key exchange based on the from="" option of the sshPublicKey stored in LDAP. Any guidance you have is appreciated.
Thanks,
Lucas
I have a question regarding the AuthorizedKeysCommand functionality. Currently I am working on building an openldap sshPublicKey infrastructure which contains sshPublicKey entries with the following format(options keytype base64-encoded-key comment) example: (from="host1.example.com" ssh-rsa AB3Nz...EN8w== ***@host1.example.com<mailto:***@host1.example.com>). I am wondering if the AuthorizedKeysCommand directive, or some other openssh function, offers a facility to parse the "options" field of the sshPublicKey entry in LDAP like openssh does using the authorized_keys file. My goal is to restrict the origin of SSH connections which use key exchange based on the from="" option of the sshPublicKey stored in LDAP. Any guidance you have is appreciated.
Thanks,
Lucas