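# $OpenBSD: keys-command.sh,v 1.2 2012/12/06 06:06:54 dtucker Exp $
# Placed in the Public Domain.

# Regression test: sshd must accept a login whose public keys come from an
# AuthorizedKeysCommand helper while AuthorizedKeysFile is disabled.
# Reads SUDO, LOGNAME, OBJ and SSH and calls fail(); none of them are defined
# here, so they are presumably supplied by the harness that runs this file.

tid="authorized keys from command"

if test -z "$SUDO" ; then
	echo "skipped (SUDO not set)"
	echo "need SUDO to create file in /var/run, test won't work without"
	exit 0
fi

# Establish an AuthorizedKeysCommand in /var/run where it will have
# acceptable directory permissions.
KEY_COMMAND="/var/run/keycommand_${LOGNAME}"

# The here-document delimiter is deliberately unquoted: ${LOGNAME} and $OBJ
# are expanded now and baked into the helper, while \$1 stays literal so the
# helper compares the user name it is given at run time.
# The destination is handed to the privileged shell as a positional parameter
# rather than spliced into the command string, so a quote character in
# LOGNAME cannot alter the command that runs under $SUDO.
# $SUDO is left unquoted because it may carry arguments.
cat << _EOF | $SUDO sh -c 'cat > "$1"' sh "$KEY_COMMAND"
#!/bin/sh
test "x\$1" != "x${LOGNAME}" && exit 1
exec cat "$OBJ/authorized_keys_${LOGNAME}"
_EOF
# 0755: executable by the AuthorizedKeysCommandUser, writable by the owner only.
$SUDO chmod 0755 "$KEY_COMMAND"

# Rewrite the proxy sshd config: drop any AuthorizedKeysFile line and make the
# helper the only source of keys, so a successful login proves the command
# path was used.
cp "$OBJ/sshd_proxy" "$OBJ/sshd_proxy.bak"
(
	grep -vi AuthorizedKeysFile "$OBJ/sshd_proxy.bak"
	echo "AuthorizedKeysFile none"
	echo "AuthorizedKeysCommand $KEY_COMMAND"
	echo "AuthorizedKeysCommandUser ${LOGNAME}"
) > "$OBJ/sshd_proxy"

if [ -x "$KEY_COMMAND" ]; then
	# ${SSH} stays unquoted in case the harness sets it to a command with
	# arguments -- TODO confirm against the harness.
	if ! ${SSH} -F "$OBJ/ssh_proxy" somehost true; then
		fail "connect failed"
	fi
else
	echo "SKIPPED: $KEY_COMMAND not executable (/var/run mounted noexec?)"
fi

# Remove the root-created helper so it does not linger in /var/run.
# NOTE(review): this line is only reached if fail() returns -- confirm.
$SUDO rm -f "$KEY_COMMAND"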