These actions were performed on FreeBSD 12.0-RELEASE r341666 GENERIC amd64.
1. I append the following lines to sshd_config:
Code:
Match User git
AllowUsers git
AuthorizedKeysCommand /usr/local/bin/keylist %u
AuthorizedKeysCommandUser git
AuthorizedKeysFile none
AuthenticationMethods publickey
PermitRootLogin no
PasswordAuthentication no
PermitTTY no
AllowAgentForwarding no
AllowTcpForwarding no
GatewayPorts no
PermitOpen none
PermitTunnel no
X11Forwarding no
2. /usr/local/bin/keylist code as follows:
Bash:
#!/bin/sh
# Print the authorized public keys for the user given as the only argument.
[ $# -ne 1 ] && { echo "Usage: $0 userid" >&2; exit 1; }
case "$1" in
    jjolie)
        # this is just a joke; don't take this seriously, and if you
        # do, make sure you have some sort of cache in case your
        # internet goes kaputt
        curl -sf https://api.github.com/users/jjolie/keys |
            jq -r '.[].key'
        ;;
    *)
        # every other user: keys are read from /tmp/<userid>.pub
        keyfile="/tmp/$1.pub"
        [ -f "$keyfile" ] && cat "$keyfile"
        ;;
esac
ls -l /usr/local/bin/keylist
Code:
-rwxr-xr-x 1 root wheel 413 Apr 23 14:53 /usr/local/bin/keylist
3. adduser: add git user as general
4. upload ssh pub key to 10.0.0.2 /tmp/git.pub
ls -l /tmp/git.pub
Code:
-rw-r--r-- 1 root wheel 400 Apr 23 15:30 /tmp/git.pub
5. run
/usr/sbin/sshd -ddd -f /etc/ssh/sshd_config
6.
ssh -T git@10.0.0.2
The ssh client shows:
Code:
git@10.0.0.2: Permission denied (publickey).
The sshd shows errors:
Code:
debug3: subprocess: AuthorizedKeysCommand command "/usr/local/bin/keylist git" running as git (flags 0x6)
Unsafe AuthorizedKeysCommand "/usr/local/bin/keylist": bad ownership or modes for directory /
debug3: mm_answer_keyallowed: publickey authentication test: RSA key is not allowed
Failed publickey for git from 10.0.0.1 port 59070 ssh2: RSA SHA256:wRcl3ZZtnX9lIH//ye8HrAhC5aNZPa7FWcNp7fwlgg0
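
Added example, not part of the original post: the sshd error above names the directory / rather than the script, so the ownership and mode of every component between the command and / matter. This sh sketch walks that chain and flags each component, assuming the rule is that a component must be owned by uid 0 and must not be group- or world-writable; the function names `is_safe` and `audit_path` are hypothetical.

```shell
#!/bin/sh
# Added example: list every path component from a command up to / and flag
# the ones that break the assumed rule (owner uid 0, no group/other write).
# Symlinks are not resolved here; pass the real path of the command.

# is_safe MODE UID: MODE is an ls-style string such as drwxr-xr-x.
is_safe() {
    [ "$2" = "0" ] || return 1
    case "$1" in
        ?????w*|????????w*) return 1 ;;   # 6th char = group w, 9th = other w
    esac
    return 0
}

# audit_path /abs/path: print one line per component, return 1 if any is unsafe.
audit_path() {
    p=$1
    rc=0
    case "$p" in
        /*) ;;
        *) echo "not an absolute path: $p" >&2; return 2 ;;
    esac
    while :; do
        # ls -ldn: field 1 is the mode string, field 3 the numeric owner uid
        set -- $(ls -ldn "$p" | awk '{print $1, $3}')
        if is_safe "$1" "$2"; then
            echo "ok      $1 uid=$2 $p"
        else
            echo "UNSAFE  $1 uid=$2 $p"
            rc=1
        fi
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Stand-alone use: sh audit.sh /usr/local/bin/keylist
if [ $# -gt 0 ]; then
    audit_path "$1"
fi
```

Running it against /usr/local/bin/keylist on the affected host shows which component (here, by the log, /) carries the owner or write bit that sshd rejects.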