SSS_SSH_AUTHORIZEDKE - Online Linux Manual Page
Section : 1
Updated : 01/26/2023
Source : SSSD
Note : SSSD Manual pages

NAME
sss_ssh_authorizedkeys - get OpenSSH authorized keys

SYNOPSIS
sss_ssh_authorizedkeys [options] USER

DESCRIPTION
sss_ssh_authorizedkeys acquires SSH public keys for user USER and outputs them in OpenSSH authorized_keys format (see the AUTHORIZED_KEYS FILE FORMAT section of sshd(8) for more information).

sshd(8) can be configured to use sss_ssh_authorizedkeys for public key user authentication if it is compiled with support for the AuthorizedKeysCommand option. Please refer to the sshd_config(5) man page for more details about this option.

If AuthorizedKeysCommand is supported, sshd(8) can be configured to use it by putting the following directives in sshd_config(5):

    AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
    AuthorizedKeysCommandUser nobody

KEYS FROM CERTIFICATES
In addition to the public SSH keys for user USER, sss_ssh_authorizedkeys can also return public SSH keys derived from the public key of an X.509 certificate.

To enable this, the ssh_use_certificate_keys option must be set to true (default) in the [ssh] section of sssd.conf. If the user entry contains certificates (see ldap_user_certificate in sssd-ldap(5) for details) or there is a certificate in an override entry for the user (see sss_override(8) or sssd-ipa(5) for details) and the certificate is valid, SSSD will extract the public key from the certificate and convert it into the format expected by sshd.

Besides ssh_use_certificate_keys, the options

•  ca_db
•  p11_child_timeout
•  certificate_verification

can be used to control how the certificates are validated (see sssd.conf(5) for details).

The validation is the benefit of using X.509 certificates instead of SSH keys directly because, e.g., it gives better control of the lifetime of the keys. When the ssh client is configured to use the private keys from a Smartcard with the help of a PKCS#11 shared library (see ssh(1) for details), it might be irritating that authentication still works even if the related X.509 certificate on the Smartcard has already expired, because neither ssh nor sshd will look at the certificate at all.

Note that the derived public SSH key can still be added to the authorized_keys file of the user to bypass the certificate validation if the sshd configuration permits this.
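The following audit script is an added example, not part of the SSSD manual page: it checks effective sshd settings for the authorized_keys bypass noted above. It assumes the AuthorizedKeysFile none setting from sshd_config(5) is how file-based keys are disabled; the function names and the two sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit effective sshd settings for the authorized_keys bypass.
# Input: a file holding `sshd -T` output (one lowercase keyword per line).

# Print the value of keyword $2 from file $1 (first match only).
sshd_value() {
    awk -v k="$2" 'tolower($1) == k { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Print one finding per line; return 0 only when keys can come from SSSD alone.
audit_sss_keys() {
    cmd=$(sshd_value "$1" authorizedkeyscommand)
    user=$(sshd_value "$1" authorizedkeyscommanduser)
    file=$(sshd_value "$1" authorizedkeysfile)
    rc=0
    case "$cmd" in
        */sss_ssh_authorizedkeys | */sss_ssh_authorizedkeys\ *) ;;
        *) echo "FAIL command: '${cmd:-unset}' is not sss_ssh_authorizedkeys"; rc=1 ;;
    esac
    case "$user" in
        "" | none) echo "FAIL command-user: AuthorizedKeysCommandUser is not set"; rc=1 ;;
    esac
    # Unset means the default .ssh/authorized_keys files; only "none" disables them.
    case "$file" in
        none) ;;
        *) echo "FAIL keys-file: '${file:-default}' lets local keys skip validation"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample inputs (not taken from a real host).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/weak" <<'EOF'
authorizedkeyscommand /usr/bin/sss_ssh_authorizedkeys
authorizedkeyscommanduser nobody
authorizedkeysfile .ssh/authorized_keys .ssh/authorized_keys2
EOF
cat > "$demo_dir/strict" <<'EOF'
authorizedkeyscommand /usr/bin/sss_ssh_authorizedkeys
authorizedkeyscommanduser nobody
authorizedkeysfile none
EOF
for f in weak strict; do
    if audit_sss_keys "$demo_dir/$f"; then echo "$f: OK"; else echo "$f: findings above"; fi
done
```

On a live host, save the output of sshd -T to a file and pass that file to audit_sss_keys; settings inside Match blocks are not evaluated by this check.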

OPTIONS
-d, --domain DOMAIN
    Search for user public keys in SSSD domain DOMAIN.

-?, --help
    Display help message and exit.

EXIT STATUS
In case of success, an exit value of 0 is returned. Otherwise, 1 is returned.

SEE ALSO
sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-files(5), sssd-sudo(5), sssd-session-recording(5), sss_cache(8), sss_debuglevel(8), sss_obfuscate(8), sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8), sssd-ifp(5), pam_sss(8), sss_rpcidmapd(5), sssd-systemtap(5)

AUTHORS
The SSSD upstream - https://github.com/SSSD/sssd/