command=" authorized_keys not enforced?

[andynz2017]

Authentication using publickey to workstation user account (non domain user).
Syntax Used:
command="C:\folder location\application folder\binary" ssh-rsa KEY HERE rmteuser@rmtehost
Authentication over SSH successful even though command not specified on the client side, and enforced in authorized_keys file server side. Shell access acquired where it should be restricted if command not specified?

Unsure if this is an issue with how I have defined the command statement in the authorized_keys file or whether this is an underlying bug. Please advise, may just be me being a muppet.

[manojampalam]

This is not supported in Windows yet.

Did you not see this log message in sshd.log or ssh-agent.log ?
AuthorizedPrincipalsCommand and AuthorizedKeysCommand are not supported in Windows yet

If not, let me know.

[andynz2017]

Thanks for the quick response.

Using DEBUG3, no messages associated with AuthorizedPrinciplesCommand or AuthorizedKeysCommand noted.

[manojampalam]

Just tried adding these in sshd_config
AuthorizedKeysCommand /c:\windows\system32\cmd.exe
AuthorizedKeysCommandUser admin

and saw this line in ssh-agent.log
10992 23:37:26 859 AuthorizedPrincipalsCommand and AuthorizedKeysCommand are not supported in Windows yet

[andynz2017]

This would explain why I didn’t see the error in ssh-agent.log. I didn’t have those commands explicitly defined in my sshd_config configuration. Is there estimated time frames on when this feature may become available? From: Manoj Ampalam <notifications@github.com> Reply-To: PowerShell/Win32-OpenSSH <reply@reply.github.com> Date: Sunday, 15 January 2017 at 20:39 To: PowerShell/Win32-OpenSSH <Win32-OpenSSH@noreply.github.com> Cc: Andrew Hardy <andrewhardy@andrewhardy.co.nz>, Author <author@noreply.github.com> Subject: Re: [PowerShell/Win32-OpenSSH] command=" authorized_keys not enforced? (#473) Just tried adding these in sshd_config AuthorizedKeysCommand /c:\windows\system32\cmd.exe AuthorizedKeysCommandUser admin and saw this line in ssh-agent.log 10992 23:37:26 859 AuthorizedPrincipalsCommand and AuthorizedKeysCommand are not supported in Windows yet — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread. {"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/PowerShell/Win32-OpenSSH","title":"PowerShell/Win32-OpenSSH","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/PowerShell/Win32-OpenSSH"}},"updates":{"snippets":[{"icon":"PERSON","message":"@manojampalam in #473: Just tried adding these in sshd_config\r\nAuthorizedKeysCommand /c:\\windows\\system32\\cmd.exe\r\nAuthorizedKeysCommandUser admin\r\n\r\nand saw this line in ssh-agent.log\r\n10992 23:37:26 859 AuthorizedPrincipalsCommand and AuthorizedKeysCommand are not supported in Windows yet"}],"action":{"name":"View Issue","url":"#473 (comment)"}}}