version 1.234, 2016/09/22 17:55:13 |
version 1.235, 2016/09/22 19:19:01 |
|
|
Specifies a program to be used to look up the user's public keys. |
Specifies a program to be used to look up the user's public keys. |
The program must be owned by root, not writable by group or others and |
The program must be owned by root, not writable by group or others and |
specified by an absolute path. |
specified by an absolute path. |
.Pp |
|
Arguments to |
Arguments to |
.Cm AuthorizedKeysCommand |
.Cm AuthorizedKeysCommand |
may be provided using the following tokens, which will be expanded |
accept the tokens described in the |
at runtime: %% is replaced by a literal '%', %u is replaced by the |
.Sx TOKENS |
username being authenticated, %h is replaced by the home directory |
section. |
of the user being authenticated, %t is replaced with the key type |
If no arguments are specified then the username of the target user is used. |
offered for authentication, %f is replaced with the fingerprint of |
|
the key, and %k is replaced with the key being offered for authentication. |
|
If no arguments are specified then the username of the target user |
|
will be supplied. |
|
.Pp |
.Pp |
The program should produce on standard output zero or |
The program should produce on standard output zero or |
more lines of authorized_keys output (see AUTHORIZED_KEYS in |
more lines of authorized_keys output (see |
|
.Sx AUTHORIZED_KEYS |
|
in |
.Xr sshd 8 ) . |
.Xr sshd 8 ) . |
If a key supplied by AuthorizedKeysCommand does not successfully authenticate |
If a key supplied by |
|
.Cm AuthorizedKeysCommand |
|
does not successfully authenticate |
and authorize the user then public key authentication continues using the usual |
and authorize the user then public key authentication continues using the usual |
.Cm AuthorizedKeysFile |
.Cm AuthorizedKeysFile |
files. |
files. |
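Review bot: the removed text for AuthorizedKeysCommand documents %k ("replaced with the key being offered for authentication"), but the replacement only points at the TOKENS section, and the per-keyword summary added there lists AuthorizedKeysCommand as accepting "%%, %f, %h, %t, and %u" with no %k; either add %k to that summary or, if %k is deliberately no longer expanded for this keyword, say so in the log, because as written the change silently drops a documented token. Dropping the .Pp between "specified by an absolute path." and "Arguments to" also folds the ownership and permission requirement into the same paragraph as the token note; keep the break if the separation was intentional.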
|
|
.Xr sshd 8 |
.Xr sshd 8 |
will refuse to start. |
will refuse to start. |
.It Cm AuthorizedKeysFile |
.It Cm AuthorizedKeysFile |
Specifies the file that contains the public keys that can be used |
Specifies the file that contains the public keys used for user authentication. |
for user authentication. |
|
The format is described in the |
The format is described in the |
AUTHORIZED_KEYS FILE FORMAT |
.Sx AUTHORIZED_KEYS FILE FORMAT |
section of |
section of |
.Xr sshd 8 . |
.Xr sshd 8 . |
|
Arguments to |
.Cm AuthorizedKeysFile |
.Cm AuthorizedKeysFile |
may contain tokens of the form %T which are substituted during connection |
accept the tokens described in the |
setup. |
.Sx TOKENS |
The following tokens are defined: %% is replaced by a literal '%', |
section. |
%h is replaced by the home directory of the user being authenticated, and |
|
%u is replaced by the username of that user. |
|
After expansion, |
After expansion, |
.Cm AuthorizedKeysFile |
.Cm AuthorizedKeysFile |
is taken to be an absolute path or one relative to the user's home |
is taken to be an absolute path or one relative to the user's home |
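Review bot: the rewording of the description sentence from "the public keys that can be used for user authentication" to "the public keys used for user authentication" is unrelated to the TOKENS refactor and is not called out anywhere; either leave that line alone or mention it in the log. The removal of the "tokens of the form %T" wording is a real improvement, since %T is used there as a placeholder for any token while the new TOKENS section defines %T as the CA key type, so the old sentence would have read as if AuthorizedKeysFile supported %T.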
|
|
.Cm AuthorizedPrincipalsFile . |
.Cm AuthorizedPrincipalsFile . |
The program must be owned by root, not writable by group or others and |
The program must be owned by root, not writable by group or others and |
specified by an absolute path. |
specified by an absolute path. |
.Pp |
|
Arguments to |
Arguments to |
.Cm AuthorizedPrincipalsCommand |
.Cm AuthorizedPrincipalsCommand |
may be provided using the following tokens, which will be expanded |
accept the tokens described in the |
at runtime: |
.Sx TOKENS |
%% is replaced by a literal '%', |
section. |
%F with the fingerprint of the CA key, |
If no arguments are specified then the username of the target user is used. |
%f is replaced with certificate fingerprint, |
|
%K is replaced with the base-64 encoded CA key. |
|
%k is replaced with the full base-64 encoded certificate, |
|
%h is replaced with the home directory of the user being authenticated, |
|
%i is replaced with key ID in the certificate, |
|
%s is replaced with the serial number of the certificate, |
|
%T with the type of the CA key, |
|
%t is replaced with type of the certificate being offered, and |
|
%u is replaced by the username being authenticated, |
|
If no arguments are specified then the username of the target user |
|
will be supplied. |
|
.Pp |
.Pp |
The program should produce on standard output zero or |
The program should produce on standard output zero or |
more lines of |
more lines of |
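Review bot: the .Pp between "specified by an absolute path." and "Arguments to" is dropped here, as in the AuthorizedKeysCommand entry, so the root-ownership and not-group-or-world-writable requirement now runs into the token note as one paragraph; a separate paragraph keeps that security requirement visible, so consider retaining the break in both entries. The consolidation does remove the inconsistent phrasing in the old list ("%F with the fingerprint", "%T with the type" without "is replaced", and the "%u ... being authenticated," item ending in a comma after "and" on the previous item), which is worth noting as an intended cleanup.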
|
|
.Cm AuthorizedPrincipalsFile |
.Cm AuthorizedPrincipalsFile |
is specified, then certificates offered by the client for authentication |
is specified, then certificates offered by the client for authentication |
must contain a principal that is listed. |
must contain a principal that is listed. |
By default, no AuthorizedPrincipalsCommand is run. |
By default, no |
|
.Cm AuthorizedPrincipalsCommand |
|
is run. |
.It Cm AuthorizedPrincipalsCommandUser |
.It Cm AuthorizedPrincipalsCommandUser |
Specifies the user under whose account the AuthorizedPrincipalsCommand is run. |
Specifies the user under whose account the |
|
.Cm AuthorizedPrincipalsCommand |
|
is run. |
It is recommended to use a dedicated user that has no other role on the host |
It is recommended to use a dedicated user that has no other role on the host |
than running authorized principals commands. |
than running authorized principals commands. |
If |
If |
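Review bot: this hunk only wraps the two bare AuthorizedPrincipalsCommand mentions ("under whose account the AuthorizedPrincipalsCommand is run" and "By default, no AuthorizedPrincipalsCommand is run") in .Cm; no wording changes, which is fine, but it is unrelated to the TOKENS section and should be mentioned in the log so the markup fix is not lost in the larger change.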
|
|
.Cm TrustedUserCAKeys , |
.Cm TrustedUserCAKeys , |
this file lists names, one of which must appear in the certificate for it |
this file lists names, one of which must appear in the certificate for it |
to be accepted for authentication. |
to be accepted for authentication. |
Names are listed one per line preceded by key options (as described |
Names are listed one per line preceded by key options (as described in |
in AUTHORIZED_KEYS FILE FORMAT in |
.Sx AUTHORIZED_KEYS FILE FORMAT |
|
in |
.Xr sshd 8 ) . |
.Xr sshd 8 ) . |
Empty lines and comments starting with |
Empty lines and comments starting with |
.Ql # |
.Ql # |
are ignored. |
are ignored. |
.Pp |
.Pp |
|
Arguments to |
.Cm AuthorizedPrincipalsFile |
.Cm AuthorizedPrincipalsFile |
may contain tokens of the form %T which are substituted during connection |
accept the tokens described in the |
setup. |
.Sx TOKENS |
The following tokens are defined: %% is replaced by a literal '%', |
section. |
%h is replaced by the home directory of the user being authenticated, and |
|
%u is replaced by the username of that user. |
|
After expansion, |
After expansion, |
.Cm AuthorizedPrincipalsFile |
.Cm AuthorizedPrincipalsFile |
is taken to be an absolute path or one relative to the user's home |
is taken to be an absolute path or one relative to the user's home directory. |
directory. |
|
.Pp |
|
The default is |
The default is |
.Dq none , |
.Dq none , |
i.e. not to use a principals file \(en in this case, the username |
i.e. not to use a principals file \(en in this case, the username |
of the user must appear in a certificate's principals list for it to be |
of the user must appear in a certificate's principals list for it to be |
accepted. |
accepted. |
|
.Pp |
Note that |
Note that |
.Cm AuthorizedPrincipalsFile |
.Cm AuthorizedPrincipalsFile |
is only used when authentication proceeds using a CA listed in |
is only used when authentication proceeds using a CA listed in |
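Review bot: the .Pp before "The default is" is removed while a new .Pp is added before "Note that", so the path-expansion sentence ("is taken to be an absolute path or one relative to the user's home directory.") and the default-value sentence now share a paragraph and the TrustedUserCAKeys caveat becomes its own; that reads acceptably, but it is a layout change beyond the token refactor, so confirm it is intentional. Removing the "%T" placeholder wording matters more in this entry than in AuthorizedKeysFile because %T is a genuine token (CA key type) for the adjacent AuthorizedPrincipalsCommand keyword, and a reader could otherwise assume AuthorizedPrincipalsFile accepts it; the TOKENS summary correctly limits this keyword to %%, %h and %u, matching the removed list.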
|
|
After the chroot, |
After the chroot, |
.Xr sshd 8 |
.Xr sshd 8 |
changes the working directory to the user's home directory. |
changes the working directory to the user's home directory. |
|
Arguments to |
|
.Cm ChrootDirectory |
|
accept the tokens described in the |
|
.Sx TOKENS |
|
section. |
.Pp |
.Pp |
The pathname may contain the following tokens that are expanded at runtime once |
|
the connecting user has been authenticated: %% is replaced by a literal '%', |
|
%h is replaced by the home directory of the user being authenticated, and |
|
%u is replaced by the username of that user. |
|
.Pp |
|
The |
The |
.Cm ChrootDirectory |
.Cm ChrootDirectory |
must contain the necessary files and directories to support the |
must contain the necessary files and directories to support the |
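Review bot: the removed ChrootDirectory text said the tokens are "expanded at runtime once the connecting user has been authenticated", and that timing is lost in the replacement, which only refers to TOKENS where the intro says "expanded at runtime"; since %u and %h here decide the chroot target, the post-authentication qualifier is worth keeping in this entry (or stating once in the TOKENS intro if it holds for every keyword listed there). The new "Arguments to ... section." lines are also inserted directly after "changes the working directory to the user's home directory." with no .Pp, whereas the removed token paragraph stood on its own; add the paragraph break for consistency with the other entries.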
|
|
.It 1h30m |
.It 1h30m |
1 hour 30 minutes (90 minutes) |
1 hour 30 minutes (90 minutes) |
.El |
.El |
|
.Sh TOKENS |
|
Arguments to some keywords can make use of tokens, |
|
which are expanded at runtime: |
|
.Pp |
|
.Bl -tag -width XXXX -offset indent -compact |
|
.It %% |
|
A literal |
|
.Sq % . |
|
.It %F |
|
The fingerprint of the CA key. |
|
.It %f |
|
The fingerprint of the key or certificate. |
|
.It %h |
|
The home directory of the user. |
|
.It %i |
|
The key ID in the certificate. |
|
.It %K |
|
The base64-encoded CA key. |
|
.It %k |
|
The base64-encoded key or certificate for authentication. |
|
.It %s |
|
The serial number of the certificate. |
|
.It \&%T |
|
The type of the CA key. |
|
.It %t |
|
The key or certificate type. |
|
.It %u |
|
The username. |
|
.El |
|
.Pp |
|
.Cm AuthorizedKeysCommand |
|
accepts the tokens %%, %f, %h, %t, and %u. |
|
.Pp |
|
.Cm AuthorizedKeysFile |
|
accepts the tokens %%, %h, and %u. |
|
.Pp |
|
.Cm AuthorizedPrincipalsCommand |
|
accepts the tokens %%, %F, %f, %K, %k, %h, %i, %s, %T, %t, and %u. |
|
.Pp |
|
.Cm AuthorizedPrincipalsFile |
|
accepts the tokens %%, %h, and %u. |
|
.Pp |
|
.Cm ChrootDirectory |
|
accepts the tokens %%, %h, and %u. |
.Sh FILES |
.Sh FILES |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
.It Pa /etc/ssh/sshd_config |
.It Pa /etc/ssh/sshd_config |
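Review bot: the per-keyword summary for AuthorizedPrincipalsCommand lists "%%, %F, %f, %K, %k, %h, %i, %s, %T, %t, and %u", which places %h after %k, while the tag list above orders entries %%, %F, %f, %h, %i, %K, %k, %s, %T, %t, %u; use the list order in the summary so readers can scan both the same way. The intro sentence "Arguments to some keywords can make use of tokens, which are expanded at runtime" could also say at which point in the connection expansion happens, since the per-keyword wording this section replaces ("during connection setup", "once the connecting user has been authenticated") carried that information. Only the %T entry is written as ".It \&%T"; if the \& prefix is there because %T collides with the mdoc %T reference macro, a brief source comment would stop a later editor from "normalising" it to match the other entries.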