HomePhabricator

Add an optional "--sshd-key" argument to "bin/ssh-auth" for reading "%k" from…

Authored by epriestley on Sep 13 2019, 3:25 PM.

Description

Add an optional "--sshd-key" argument to "bin/ssh-auth" for reading "%k" from modern sshd

Summary: Depends on D20873. Ref T13436. Allow callers to configure "bin/ssh-auth --sshd-key %k" as an "AuthorizedKeysCommand"; if they do, and we recognize the key, emit just that key in the output.

Test Plan:

  • Used git pull locally, still worked fine.
  • Instrumented things, saw the public key lookup actually work and emit a single key.
  • Ran without "--sshd-key", got a full key list as before.

Maniphest Tasks: T13436

Differential Revision: https://secure.phabricator.com/D20874