
export public key to environment
Hello all,

Some while ago I developed a small patch for sshd, for internal
consumption, so that, when a client uses a private key, the
corresponding public key is exported in the environment.  I use it to
identify which of a multitude of devices is logged in to a shared
account, but I'm sure there are many uses to which it could be put. 
Now, I wonder whether there already was a way of achieving the same
result.  I need to be able to identify previously unseen devices, so I
cannot just store the public key (c.f. authorized_keys) before use.

If this patch does indeed provide a new function (could not otherwise
achieve the desired outcome), is it something which would be welcomed
for inclusion in the official source?  I've attached the patch so that
you can see what's involved.

Regards,

David
Re: export public key to environment
On Wed, 2018-11-14 at 11:59 +1030, David Newall wrote:
> Hello all,
>
> Some while ago I developed a small patch for sshd, for internal
> consumption, so that, when a client uses a private key, the
> corresponding public key is exported in the environment. I use it to
> identify which of a multitude of devices is logged in to a shared
> account, but I'm sure there are many uses to which it could be put.
> Now, I wonder whether there already was a way of achieving the same
> result. I need to be able to identify previously unseen devices, so I
> cannot just store the public key (c.f. authorized_keys) before use.
>
> If this patch does indeed provide a new function (could not otherwise
> achieve the desired outcome), is it something which would be welcomed
> for inclusion in the official source? I've attached the patch so that
> you can see what's involved.

Hello,
If I am right, something like this was solved a few releases back
(OpenSSH 7.6) based on bug #2408 [1], which handles this in a more
general manner (exposing information about all authentication methods
that succeeded).

A brief description can be found in the manual page of sshd_config under
the ExposeAuthInfo option. Most of the source code can be found here
[2].

[1] https://bugzilla.mindrot.org/show_bug.cgi?id=2408
[2] https://anongit.mindrot.org/openssh.git/commit/?id=8f574959

Regards,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
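
An added example, not part of either message or of OpenSSH: with `ExposeAuthInfo yes` set in sshd_config, a login hook on the shared account can read the file named by `SSH_USER_AUTH` and turn each key into a fingerprint for identifying the connecting device. It assumes the file holds one line per successful method in the form `publickey <type> <base64-blob>`; the function names and the sample key blob are constructed for illustration.

```python
import base64
import hashlib
import os
import struct

def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 length + data)."""
    return struct.pack(">I", len(data)) + data

# Constructed sample, not a real key: an ed25519-shaped blob and the
# auth-info file a session might see after publickey + password auth.
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
SAMPLE_AUTH_INFO = (
    "publickey ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + "\n"
    "password\n"
)

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form ssh-keygen -l prints (unpadded base64)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_auth_info(text: str) -> list:
    """Return (method, key_type, fingerprint) per line; non-key methods get None."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] != "publickey" or len(fields) < 3:
            entries.append((fields[0], None, None))
            continue
        key_type, blob = fields[1], base64.b64decode(fields[2], validate=True)
        # The blob starts with its own type name; reject a line whose
        # declared type disagrees with it instead of trusting either one.
        if len(blob) < 4:
            raise ValueError("key blob too short")
        (name_len,) = struct.unpack(">I", blob[:4])
        if blob[4:4 + name_len] != key_type.encode():
            raise ValueError("declared key type does not match blob")
        entries.append(("publickey", key_type, fingerprint(blob)))
    return entries

def current_session_keys(environ=os.environ) -> list:
    """Parse the file named by SSH_USER_AUTH; empty list if it is unset."""
    path = environ.get("SSH_USER_AUTH")
    if not path:
        return []
    with open(path, encoding="ascii") as handle:
        return parse_auth_info(handle.read())
```

Logging the fingerprint instead of the full key keeps the record short and still lets a previously unseen device be recognised on its next login.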