[Bug 911747] Re: [Feature] Add AuthorizedKeysCommand to OpenSSH

[Colin Watson]

Red Hat may have different experiences, but I have been burned too many
times by adding patches to Debian/Ubuntu OpenSSH which add configuration
options, and then finding that upstream later adds them with different
names and now I have to retain compatibility forever.  As a result, I no
longer apply patches that add configuration options.  Please lobby
upstream if you want this patch to be included.

** Changed in: openssh (Ubuntu)
   Importance: Undecided => Wishlist

** Changed in: openssh (Ubuntu)
       Status: Confirmed => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/911747

Title:
  [Feature] Add AuthorizedKeysCommand to OpenSSH

Status in “openssh” package in Ubuntu:
  Triaged

Bug description:
  RedHat recently applied a patch to their OpenSSH server supporting a
  new configuration directive: AuthorizedKeysCommand

  For example:

  */etc/ssh/sshd_config*
  AuthorizedKeysCommand "/usr/libexec/openssh/ssh-pubkey-helper -s %u"

  In 'ssh-pubkey-helper' you can write custom code for looking up public
  keys.

  This is useful in large server environments when you don't want to
  overwrite the authorized_keys file on every server.

  We are running a couple of hundred Ubuntu servers and would like to
  see this patch in OpenSSH. It would give us (and other users) the
  benefit of having one central place where we maintain our
  authorization and accounting.

  The benefit for a lot of Ubuntu users will be great I think.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/911747/+subscriptions