Can you make ssh and sshd, instead of checking the ~/.ssh/known_hosts and ~/.ssh/authorized_keys (respectively), invoke a command with the requested key as an argument, and accept the key only if the command accepts?
Asked
Active
Viewed 176 times
3
-
http://serverfault.com/questions/407497/how-do-i-configure-sshd-to-permit-a-single-command-without-giving-full-login-ac – dmourati Sep 16 '14 at 16:08
1 Answers
2
I don't think sshd (running on the server) checks ~/.ssh/known_hosts.
However, see AuthorizedKeysCommand and AuthorizedKeysCommandRunAs configuration options. Some code seems to be here: http://www.sysadmin.org.au/index.php/2012/12/authorizedkeyscommand/
But I haven't tried this myself.
Paul Sand
- 21
- 1