On Mon, Mar 10, 2003 at 11:35:50PM +0100, martin f krafft wrote:
> also sprach Colin Watson <[EMAIL PROTECTED]> [2003.03.10.1454 +0100]:
> > Set 'LogLevel VERBOSE' in /etc/ssh/sshd_config and the key fingerprint
> > will be syslogged. (This currently doesn't work for RSA1 keys due to a
> > bug in privilege separation.)
>
> only DSA keys being used, so no problem.
>
> this is one step closer, but it's not really that great. the reason
> why i want to enable it is because i want one unprivileged account to
> do a certain task, and i would like to use the SSH key used to log in
> to establish the security context of the task.

Oh, I see. Then you should use a forced command in
~/.ssh/authorized_keys, establishing the security context on the server
side. For example, my dynamic DNS is set up using a passphraseless key
and this line in the authorized_keys file on the server side:

  command="userv dyndns dyndns dynamic.greenend.org.uk riva",no-pty,no-port-forwarding 1024 35 ...

(I could probably add some more restrictions in there.) The sshd(8) man
page describes the format of authorized_keys.

> does anyone here have a connection into the OpenSSH team and could
> forward a feature request? i'd prefer not to enlist with the mailing
> list...

There are a lot of bugs against ssh in the Debian BTS, but I do forward
bugs filed there to upstream as I get time.

Cheers,

-- 
Colin Watson                                  [EMAIL PROTECTED]
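
Added example, not part of the original thread or of anyone's actual setup: a forced-command dispatcher that takes its role from the command= option in authorized_keys, so the key used to log in decides what runs on the server. The install path /usr/local/bin/key-dispatch, the role names and the "status" allowlist are assumptions, and the key material shown in the comments is a placeholder.

```shell
#!/bin/sh
# Forced-command dispatcher: the role is fixed per key in authorized_keys,
# never chosen by the client. Hypothetical entries (key blobs are placeholders):
#   command="/usr/local/bin/key-dispatch dyndns",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA...PLACEHOLDER
#   command="/usr/local/bin/key-dispatch status",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA...PLACEHOLDER

# decide ROLE REQUEST: print the command line to run, or return 1 to deny.
decide() {
    role=$1
    request=$2
    case $role in
        dyndns)
            # Single-purpose key: whatever the client asked for is ignored.
            echo "userv dyndns dyndns dynamic.greenend.org.uk riva" ;;
        status)
            # Exact-match allowlist; the request string itself is never executed.
            case $request in
                uptime)    echo "uptime" ;;
                "df -h /") echo "df -h /" ;;
                *)         return 1 ;;
            esac ;;
        *)
            return 1 ;;   # unknown role: deny by default
    esac
}

dispatch() {
    role=${1:-}
    # sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND.
    request=${SSH_ORIGINAL_COMMAND:-}
    if action=$(decide "$role" "$request"); then
        logger -t key-dispatch "allow role=$role action=$action"
        exec $action      # unquoted on purpose: a fixed string from decide()
    fi
    logger -t key-dispatch "deny role=$role request=$request"
    echo "denied" >&2
    exit 1
}

# Dispatch only when run under the installed name, so the file can be
# sourced to exercise decide() without executing anything.
case ${0##*/} in
    key-dispatch) dispatch "$@" ;;
esac
```

Because the role comes from the server-side authorized_keys line, a client holding the dyndns key cannot obtain the status role or a shell by changing what it asks for.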