Merge pull request #15 from Oefenweb/pr-14
Add support for AuthorizedKeysCommand and AuthorizedKeysCommandUser
tersmitten committed Mar 11, 2024
2 parents 60a4a18 + 787548e commit 98d9c06
Showing 2 changed files with 5 additions and 7 deletions.
5 changes: 2 additions & 3 deletions README.md
Expand Up @@ -62,9 +62,8 @@ None
* `ssh_server_allow_users`: [default: `[]`]: A list of user name patterns. If specified, login is allowed only for user names that match one of the patterns
* `ssh_server_deny_groups`: [default: `[]`]: A list of group name patterns. If specified, login is disallowed for users whose primary group or supplementary group list matches one of the patterns
* `ssh_server_deny_users`: [default: `[]`]: A list of user name patterns. If specified, login is disallowed for user names that match one of the patterns
* `ssh_server_autorized_keys_command`: [default: ]: Specifies a program to be used to look up the user's public keys.
* `ssh_server_autorized_keys_command_user`: [default: `nobody`]: Specifies the user under whose account the AuthorizedKeysCommand is run

* `ssh_server_authorized_keys_command`: [optional]: Specifies a program to be used to look up the user's public keys
* `ssh_server_authorized_keys_command_user`: [default: `nobody`]: Specifies the user under whose account the `AuthorizedKeysCommand` is run

## Dependencies
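Review bot: The new `ssh_server_authorized_keys_command` entry is marked `[optional]` but does not say what a valid value looks like. sshd requires the program to be given by absolute path, owned by root and not writable by group or others, so state that in this bullet. The `nobody` default documented for `ssh_server_authorized_keys_command_user` deserves a sentence as well: sshd_config(5) recommends a dedicated account that has no other role on the host, which `nobody` usually is not. Because the variable names change spelling from `autorized` to `authorized`, an inventory that still sets the old names will be ignored without any error, so mention the rename in the changelog.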

7 changes: 3 additions & 4 deletions templates/etc/ssh/sshd_config.j2
Expand Up @@ -42,12 +42,11 @@ RSAAuthentication {{ ssh_server_rsa_authentication | bool | ternary('yes', 'no')
PubkeyAuthentication {{ ssh_server_pubkey_authentication | bool | ternary('yes', 'no') }}
AuthorizedKeysFile {{ ssh_server_authorized_keys_file }}

{% if ssh_server_autorized_keys_command is defined %}
AuthorizedKeysCommand {{ ssh_server_autorized_keys_command }}
AuthorizedKeysCommandUser {{ ssh_server_autorized_keys_command_user }}
{% if ssh_server_authorized_keys_command is defined %}
AuthorizedKeysCommand {{ ssh_server_authorized_keys_command }}
AuthorizedKeysCommandUser {{ ssh_server_authorized_keys_command_user }}
{% endif %}


# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts {{ ssh_server_ignore_rhosts | bool | ternary('yes', 'no') }}
{% if ssh_server_version is version('7.4', '<') %}
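Review bot: The guard `{% if ssh_server_authorized_keys_command is defined %}` is also true for an empty string or a null value, and the block then renders `AuthorizedKeysCommand` with no argument, which sshd treats as a configuration error. Test for a non-empty value instead, for example `{% if ssh_server_authorized_keys_command | default('', true) | length > 0 %}`. The `AuthorizedKeysCommandUser` line has no guard of its own and relies on `ssh_server_authorized_keys_command_user` always being set; this diff touches only the README and the template, so confirm the `nobody` default exists in the role defaults.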