Lennart Poettering
Lennart Poettering
> Pulling authorized keys from userdb should have to be explicitly configured by the admin and should not be enabled by default. ssh keys must be explicitly added to user...
@tYYGH there must be some misunderstanding: AuthorizedKeysCommand is tried *in* *addition* *to* AuthorizedKeysFile by sshd. or in other words, intrepretation of your authorized_keys file is independent of the issue discussed...
btw, 7a3a49386cc49d3971531ea24efb84232c05cc86 has been merged, to clarify NEWS a bit.
btw, as i understand there are exactly two relevant other implementations around for AuthorizedKeysCommand, both from the general direction of RH, and probably not much used elsewhere: sssd + fcos....
> Though this is just layering yet more complexity on top of what is a seemingly simple sshd RFE. (And in fact, https://github.com/coreos/ssh-key-dir itself is just working around sshd not...
what do you expect "run0 [email protected]" would even do? if you want to run something as user "foo" on the local host use "run0 -u foo" (and if you want...
> The output of `man run0` claims that this syntax should be supported. This doesn't match the current behavior, as a `@` isn't handled at all. If it doesn't make...
Fix waiting in #37741
Uh. Sorry. But no. User code should not run outside of a PAM session, since it will be outside of logind's supervision, resource management, security settings and so on. Sorry,...
> Hmm, I'm not following. `systemd-run -M.host -PGq --wait -pUser=foo systemd-stdio-bridge [email protected]` spawns a transient unit that runs under the control of PID1 and as "foo" user. That's basiclally like...