This project is a fork of OpenSSH which modifies the
AuthorizedKeysCommand directive in sshd_config (present in OpenSSH 6.2 and
above) such that the public key of the incoming connection is sent to standard
input of the command, thus providing a means to identify the connecting user
based solely on their public key and not by the username.
The inspiration for this project was to be able to provide a service similar to some popular version control repository hosting sites, where a user uploads their SSH public key(s) via a web interface and accesses their repositories over SSH using a common SSH user account like "git" or "hg". However, there are likely many other use cases for this project.
This git repository is organized into this branch (master), pristine OpenSSH
branches (those that are just version numbers), and patched OpenSSH branches
(those that end with -stdinkey). The master branch contains this README.md
file and patches suitable for input to the patch command against a specific
version of the OpenSSH source code.
-
Warning: Specifying a command in
AuthorizedKeysCommandthat does not consume its standard input can lead to deadlock if this patch is applied. Specifically, sshd willwrite()all data (the incoming user's key) to standard input of the command before it attempts toread()any data from the command. If the incoming user's key is greater than the pipe buffer size then writing that data will block until what's in the pipe is consumed, but in this case there is no consumer.-
If you must use a command that does not consume its standard input, then you should at least close standard input in a wrapper script:
#!/bin/sh exec 0>&- # close stdin exec /usr/libexec/command-that-does-not-consume-stdin
-
-
It is probably a good idea to limit the use of the
AuthorizedKeysCommanddirective to the specific user which you would like to have this behavior using aMatchblock:Match user git AuthorizedKeysCommand /usr/libexec/lookup-ssh-key