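#	$OpenBSD: keys-command.sh,v 1.2 2012/12/06 06:06:54 dtucker Exp $
#	Placed in the Public Domain.

# Regression test: sshd obtains the user's authorized keys by running an
# AuthorizedKeysCommand helper instead of reading an AuthorizedKeysFile.
#
# Relies on SUDO, OBJ, SSH, LOGNAME and the fatal/fail helpers, none of
# which are defined in this file (presumably provided by the regress
# harness that sources it -- confirm against the caller).
#
# Coverage note: only the positive case is exercised (a key printed by the
# helper is accepted). Nothing here checks that authentication is refused
# when the helper exits non-zero or prints no keys.

tid="authorized keys from command"

if [ -z "$SUDO" ]; then
	fatal "need SUDO to create file in /var/run, test won't work without"
fi

# Establish an AuthorizedKeysCommand in /var/run where it will have
# acceptable directory permissions. sshd_config(5) requires the helper to
# be owned by root and not writable by group or others, which is why it is
# created through $SUDO and then set to 0755.
KEY_COMMAND="/var/run/keycommand_${LOGNAME}"

# Write the helper with tee rather than `sh -c "cat > '...'"`: the path
# contains LOGNAME, and passing it as a plain argument keeps it from being
# re-parsed by a root shell.
# The heredoc delimiter is unquoted on purpose: ${LOGNAME} and $OBJ are
# expanded now and baked into the helper, while \$1 stays literal so the
# helper compares its own first argument (the user name sshd passes).
$SUDO tee "$KEY_COMMAND" > /dev/null << _EOF
#!/bin/sh
test "x\$1" != "x${LOGNAME}" && exit 1
exec cat "$OBJ/authorized_keys_${LOGNAME}"
_EOF
$SUDO chmod 0755 "$KEY_COMMAND"

# Rebuild the sshd config: drop every AuthorizedKeysFile line and disable
# file-based keys, so a successful login can only come from the helper.
cp "$OBJ/sshd_proxy" "$OBJ/sshd_proxy.bak"
(
	grep -vi AuthorizedKeysFile "$OBJ/sshd_proxy.bak"
	echo "AuthorizedKeysFile none"
	echo "AuthorizedKeysCommand $KEY_COMMAND"
	echo "AuthorizedKeysCommandUser ${LOGNAME}"
) > "$OBJ/sshd_proxy"

if [ -x "$KEY_COMMAND" ]; then
	${SSH} -F "$OBJ/ssh_proxy" somehost true || fail "connect failed"
else
	# A skipped run never exercises AuthorizedKeysCommand at all; it must
	# not be read as evidence that the feature works.
	echo "SKIPPED: $KEY_COMMAND not executable (/var/run mounted noexec?)"
fi

# Remove the root-owned helper so it does not linger in /var/run.
$SUDO rm -f "$KEY_COMMAND"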