Merge pull request #72 from kyrias/AuthKeysCmd

Add AuthorizedKeysCommand support
2016-10-02 11:59:37 -07:00 · 2016-10-02 11:59:37 -07:00 · 8d1e730907
commit 8d1e730907
parent 329a762e01 a74d859992
2 changed files with 4 additions and 0 deletions
--- a/openssh/files/sshd_config
+++ b/openssh/files/sshd_config
@ -81,6 +81,8 @@
 {{ option_default_uncommented('RSAAuthentication', 'yes') }}
 {{ option_default_uncommented('PubkeyAuthentication', 'yes') }}
 {{ option('AuthorizedKeysFile', '%h/.ssh/authorized_keys') }}
+{{ option('AuthorizedKeysCommand', 'none') }}
+{{ option('AuthorizedKeysCommandUser', 'nobody') }}

 # Don't read the user's ~/.rhosts and ~/.shosts files
 {{ option_default_uncommented('IgnoreRhosts', 'yes') }}
--- a/pillar.example
+++ b/pillar.example
@ -21,6 +21,8 @@ sshd_config:
  MaxSessions: 10
  RSAAuthentication: 'yes'
  PubkeyAuthentication: 'yes'
+  AuthorizedKeysCommand: '/usr/bin/sss_ssh_authorizedkeys'
+  AuthorizedKeysCommandUser: 'nobody'
  IgnoreRhosts: 'yes'
  RhostsRSAAuthentication: 'no'
  HostbasedAuthentication: 'no'