From 02b52fa7cf4cb410435abf39a1e58ce663df6b5c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Johannes=20L=C3=B6thberg?=
Date: Sat, 1 Oct 2016 20:53:44 +0200
Subject: [PATCH 1/2] Add AuthorizedKeysCommand support
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Johannes Löthberg
---
 openssh/files/sshd_config | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/openssh/files/sshd_config b/openssh/files/sshd_config
index 471e031..a45f9b9 100644
--- a/openssh/files/sshd_config
+++ b/openssh/files/sshd_config
@@ -81,6 +81,8 @@
 {{ option_default_uncommented('RSAAuthentication', 'yes') }}
 {{ option_default_uncommented('PubkeyAuthentication', 'yes') }}
 {{ option('AuthorizedKeysFile', '%h/.ssh/authorized_keys') }}
+{{ option('AuthorizedKeysCommand', 'none') }}
+{{ option('AuthorizedKeysCommandUser', 'nobody') }}
 # Don't read the user's ~/.rhosts and ~/.shosts files
 {{ option_default_uncommented('IgnoreRhosts', 'yes') }}
From a74d8599929de3972d35cd546074e983be5ad26f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Johannes=20L=C3=B6thberg?=
Date: Sun, 2 Oct 2016 10:37:11 +0200
Subject: [PATCH 2/2] Add AuthorizedKeysCommand to pillar.example
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Johannes Löthberg
---
 pillar.example | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/pillar.example b/pillar.example
index e22873a..81c54ab 100644
--- a/pillar.example
+++ b/pillar.example
@@ -21,6 +21,8 @@ sshd_config:
 MaxSessions: 10
 RSAAuthentication: 'yes'
 PubkeyAuthentication: 'yes'
+ AuthorizedKeysCommand: '/usr/bin/sss_ssh_authorizedkeys'
+ AuthorizedKeysCommandUser: 'nobody'
 IgnoreRhosts: 'yes'
 RhostsRSAAuthentication: 'no'
 HostbasedAuthentication: 'no'
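Review bot: In the openssh/files/sshd_config hunk the default `'nobody'` for AuthorizedKeysCommandUser names an account that is commonly shared with other services, whereas sshd_config(5) recommends a dedicated user with no other role on the host; the same value is repeated in the pillar.example hunk of patch 2/2. How the `option` macro renders a key that is absent from the pillar is not visible in this hunk, so it should be confirmed whether `nobody` becomes an active setting or only a commented hint. Either way I would put a template comment above the two new lines, for example `# AuthorizedKeysCommand: absolute path to a root-owned program, not group/world-writable; run it as a dedicated unprivileged user`, since sshd enforces the first part and refuses to start when a command is set without a user.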
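Review bot: The pillar.example hunk enables `/usr/bin/sss_ssh_authorizedkeys` without a comment, so someone copying the example is not told that keys in AuthorizedKeysFile are still accepted next to the ones the command returns. sshd continues with the usual authorized_keys files when the command yields no matching key, which matters when the directory service is meant to be the single place where access is revoked. A comment above the two new keys, such as `# keys from AuthorizedKeysFile still apply; set AuthorizedKeysFile: 'none' to rely on the command alone`, would make that explicit. The path also presumes SSSD is installed on the minion, and the comment could say so.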