> > > The script they call acts similar to this
> > >
> > > user="$1"
>
> case $user in
> user1)
> do stuff
> ;;
> user2)
> do stuff
> ;;
>
> user3)
> do stuff
> ;;
> *)
> invalid user stuff
> ;;
A solution that scales would use a regex that check
On Tue, Dec 12, 2017 at 05:25:27PM -0800, Paulm wrote:
> On Tue, Dec 12, 2017 at 09:35:27AM -0700, Dan Becker wrote:
> > On Mon, Dec 11, 2017 at 7:13 PM, Paulm wrote:
> >
> > > On Mon, Dec 11, 2017 at 03:49:24PM -0700, Dan Becker wrote:
> > > > I am reading a blog proposing to use the AuthorizedK
On Tue, Dec 12, 2017 at 09:35:27AM -0700, Dan Becker wrote:
> On Mon, Dec 11, 2017 at 7:13 PM, Paulm wrote:
>
> > On Mon, Dec 11, 2017 at 03:49:24PM -0700, Dan Becker wrote:
> > > I am reading a blog proposing to use the AuthorizedKeyCommand to hook
> > into
> > > another authentication mechanism
On Tue, Dec 12, 2017 at 09:35:27AM -0700, Dan Becker wrote:
> On Mon, Dec 11, 2017 at 7:13 PM, Paulm wrote:
>
> > On Mon, Dec 11, 2017 at 03:49:24PM -0700, Dan Becker wrote:
> > > I am reading a blog proposing to use the AuthorizedKeyCommand to hook
> > into
> > > another authentication mechanism
On Tue, Dec 12, 2017 at 10:35 AM, Dan Becker wrote:
> On Mon, Dec 11, 2017 at 7:13 PM, Paulm wrote:
>
>
> My main concern comes from the fact this process is being ran as root and
> injecting the username as an arg "$1"
>
> Example :
>
> What happens if someone runs ssh '"&rm -rf /'@host, is the
On Mon, Dec 11, 2017 at 7:13 PM, Paulm wrote:
> On Mon, Dec 11, 2017 at 03:49:24PM -0700, Dan Becker wrote:
> > I am reading a blog proposing to use the AuthorizedKeyCommand to hook
> into
> > another authentication mechanism by calling a shell script
> >
> > https://blog.heckel.xyz/2015/05/04/o
On Mon, Dec 11, 2017 at 03:49:24PM -0700, Dan Becker wrote:
> I am reading a blog proposing to use the AuthorizedKeyCommand to hook into
> another authentication mechanism by calling a shell script
>
> https://blog.heckel.xyz/2015/05/04/openssh-authorizedkeyscommand-with-fingerprint/
>
> Do I ha
On 12/11/17 23:49, Dan Becker wrote:
I am reading a blog proposing to use the AuthorizedKeyCommand to hook into
another authentication mechanism by calling a shell script
https://blog.heckel.xyz/2015/05/04/openssh-authorizedkeyscommand-with-fingerprint/
Do I have a valid concern in thinking th
I am reading a blog proposing to use the AuthorizedKeyCommand to hook into
another authentication mechanism by calling a shell script
https://blog.heckel.xyz/2015/05/04/openssh-authorizedkeyscommand-with-fingerprint/
Do I have a valid concern in thinking this might not be a prudent method of
aut
9 matches
Mail list logo
