Add -U flag for customizing authorized keys file path #35
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This patch adds support for the new command line flag -U which allows one to customize the location of the file containing the authorized keys. This is usefull when running several unrelated and isolated SSH services on one machine, using different sets of authentication keys. The new -U flag accept both absolute and relative paths. When a relative path is used it is appended to the user home directory. Authentication fails when any intermediate directory between the user home and the location of the file (both inclusive) is group or world writeable. When an absolute directory is given all the ancestor directories are checked until some common parent between the authorized keys path and the user home (up to the root directory) is reached. For instance, if home is '/home/bar', and the authorized keys path given is '/home/root/.ssh/authorized_keys', the objects checked are '/home/root/.ssh/authorized_keys', '/home/root/.ssh', '/home/root' and '/home'.
This allows one for instance, to run a temporary dropbear servers from the /tmp directory, which is world writeable but has tipically the sticky bit set.
|
@mkj did you have any thoughts on this? Interest arises because we'd like to be able to run rootless with the following file locations set at compile time, using the same convention as
No reflection we don't need XDG knowledge built in.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
commit 078846b
Author: Salvador Fandino [email protected]
Date: Thu Jun 9 16:00:37 2016 +0200
commit 0197473
Author: Salvador Fandino [email protected]
Date: Wed Jun 8 18:15:13 2016 +0200