open-infrastructure-service-tools/openssh/share/man/ssh-authorizedkeys-command.1

.\" Open Infrastructure: service-tools
.\"
.\" Copyright (C) 2014-2025 Daniel Baumann <daniel.baumann@open-infrastructure.net>
.\"
.\" SPDX-License-Identifier: GPL-3.0+
.\"
.\" This program is free software: you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation, either version 3 of the License, or
.\" (at your option) any later version.
.\"
.\" This program is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program.  If not, see <https://www.gnu.org/licenses/>.
.\"
.
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SSH-AUTHORIZEDKEYS-COMMAND" "1"  service-tools "Open Infrastructure"
.SH NAME
ssh-authorizedkeys-command \- meta-command to get a users public key for authentication with openssh-server
.SH SYNOPSIS
.nf
\fBssh\-authorizedkeys\-command\fP USER
.fi
.sp
.SH DESCRIPTION
.sp
\fBssh\-authorizedkeys\-command\fP executes the user configured command in /etc/default/ssh\-authorizedkeys\-command.
.sp
The configured command in /etc/default/ssh\-authorizedkeys\-command can be manually edited, by calling \fBdpkg\-reconfigure open\-infrastructure\-openssh\-tools\fP (if available), or by editing /etc/default/ssh\-authorizedkeys\-command directly.
.sp
The configured command can use first argument given to ssh\-authorizedkeys\-command which is the user that the login is performed for by openssh. The command needs to return a valid public key (e.g. \(aqssh\-ed22519 [...]\(aq) which then gets used by openssh.
.SH EXAMPLE
.sp
When using LDAP with the \fBsshPublicKey\fP attribute, a valid command could look like this:
.INDENT 0.0
.INDENT 3.5
.nf

$(ldapsearch \-LLL \-x \-o ldif\-wrap=no \-H ldaps://ldap.example.org:636 \-b dc=example uid=\(dq${1}\(dq \(aqsshPublicKey\(aq | 
.in +2
awk \(aq/^sshPublicKey: / { print $2, $3 }\(aq)

.in -2
.fi
.sp
.UNINDENT
.UNINDENT
.SH FILES
.sp
The following files are used:
.INDENT 0.0
.TP
.B /etc/ssh/sshd_config.d/ssh\-authorizedkeys\-command:
openssh\-server configuration to enable ssh\-authorizedkeys\-command.
.TP
.B /etc/default/ssh\-authorizedkeys\-command
configuration file that contains the user configured command to be executed.
.TP
.B /usr/bin/ssh\-authorizedkeys\-command:
script that executes the user configured command to return the users public keys.
.UNINDENT
.SH SEE ALSO
.nf
sshd_config(5)
.fi
.sp
.SH HOMEPAGE
.sp
More information about service\-tools and the Open Infrastructure project can be
found on the homepage ( <https://open\-infrastructure.net> ).
.SH CONTACT
.sp
Bug reports, feature requests, help, patches, support and everything else are
welcome on the Open Infrastructure Software Mailing List
< <software@lists.open\-infrastructure.net> >.
.sp
Debian specific bugs can also be reported in the Debian Bug Tracking System
( <https://bugs.debian.org> ).
.SH AUTHORS
.sp
service\-tools were written by Daniel Baumann
< <daniel.baumann@open\-infrastructure.net> > and others.
.