by _Soulou 4219 days ago
Hi j_s,

By sensitive data, we meant part of the identity of all our users (there is quite often user@host at the end of the public keys sent by our users), and the second point is linked to the internal commands.

In the `command="ssh-handler" ssh-rsa....` the command doesn't receive the SSH public key as an argument, so we would have to provide additional information like: `command="ssh-handler <user_id|username|key_id>" ssh-rsa....` So yes, if we have a way to avoid having a copy of that on all our servers able to authenticate users, we take it!
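The per-key `command="ssh-handler <key_id>"` entry described in the comment above can be sketched as follows. This is an added example, not code from the comment or its author's project. It renders one `authorized_keys` line from a user-submitted key and drops the trailing `user@host` comment so that identity detail is not copied to every server. The `key_id` format, the use of OpenSSH's `restrict` option and the sample key are assumptions.

```python
import base64
import re
import struct

HANDLER = "ssh-handler"  # forced-command name used in the comment above
KEY_ID_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")  # assumption: ids are plain tokens


def parse_submitted_key(line):
    """Return (key_type, b64_blob) from '<type> <base64> [comment]', dropping the comment."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    # validate=True rejects non-base64 input, e.g. options smuggled in front of the key
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with a length-prefixed copy of the key type; it must match.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("declared key type does not match key blob")
    return key_type, b64


def authorized_keys_line(submitted, key_id):
    """Build the entry that tells the forced command which key authenticated."""
    if not KEY_ID_RE.match(key_id):
        raise ValueError("key_id must not need quoting inside command=\"...\"")
    key_type, b64 = parse_submitted_key(submitted)
    # No comment field is emitted: user@host stays in the central database only.
    return f'command="{HANDLER} {key_id}",restrict {key_type} {b64}'


def constructed_sample_key(comment):
    """Constructed sample: a well-formed ssh-ed25519 blob with an all-zero key."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(32)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


if __name__ == "__main__":
    print(authorized_keys_line(constructed_sample_key("alice@laptop"), "key_42"))
```

On the server, the forced command then gets the identifier as its first argument, and the command the client asked for is available in the `SSH_ORIGINAL_COMMAND` environment variable.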