version 1.200, 2015/04/29 03:48:56 |
version 1.201, 2015/05/21 06:38:35 |
|
|
of a single authentication method is sufficient. |
of a single authentication method is sufficient. |
.It Cm AuthorizedKeysCommand |
.It Cm AuthorizedKeysCommand |
Specifies a program to be used to look up the user's public keys. |
Specifies a program to be used to look up the user's public keys. |
The program must be owned by root and not writable by group or others. |
The program must be owned by root, not writable by group or others and |
It will be invoked with a single argument of the username |
specified by an absolute path. |
being authenticated, and should produce on standard output zero or |
.Pp |
|
Arguments to |
|
.Cm AuthorizedKeysCommand |
|
may be provided using the following tokens, which will be expanded |
|
at runtime: %% is replaced by a literal '%', %u is replaced by the |
|
username being authenticated, %h is replaced by the home directory |
|
of the user being authenticated, %t is replaced with the key type |
|
offered for authentication, %f is replaced with the fingerprint of |
|
the key, and %k is replaced with the key being offered for authentication. |
|
If no arguments are specified then the username of the target user |
|
will be supplied. |
|
.Pp |
|
The program should produce on standard output zero or |
more lines of authorized_keys output (see AUTHORIZED_KEYS in |
more lines of authorized_keys output (see AUTHORIZED_KEYS in |
.Xr sshd 8 ) . |
.Xr sshd 8 ) . |
If a key supplied by AuthorizedKeysCommand does not successfully authenticate |
If a key supplied by AuthorizedKeysCommand does not successfully authenticate |