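# $OpenBSD: keys-command.sh,v 1.2 2012/12/06 06:06:54 dtucker Exp $
# Placed in the Public Domain.
#
# Regression test: sshd obtains the user's authorized keys from an
# AuthorizedKeysCommand helper instead of an AuthorizedKeysFile.
#
# Reads SUDO, OBJ, SSH and LOGNAME and calls fail(); none of these are
# defined in this file -- presumably the regress harness that runs this
# script provides them (TODO confirm).

tid="authorized keys from command"

# The helper must live in a root-owned directory, so the test cannot run
# without a privilege-escalation command.
if test -z "$SUDO" ; then
	echo "skipped (SUDO not set)"
	echo "need SUDO to create file in /var/run, test won't work without"
	exit 0
fi

# Install the AuthorizedKeysCommand helper in a directory whose
# permissions sshd accepts.
# Apple:
# On OS X Mavericks, /var/run is writable by group daemon
# which is not allowed by sshd for AuthorizedKeysCommand
# so use /var/ssh-test
KEY_DIR="/var/ssh-test"

# Remember whether this run created the directory, so the privileged
# recursive delete at the end never removes a directory that was already
# there. $SUDO stays unquoted on purpose: it may hold a command plus options.
KEY_DIR_CREATED=no
if $SUDO mkdir -m 0755 "$KEY_DIR"; then
	KEY_DIR_CREATED=yes
fi

KEY_COMMAND="$KEY_DIR/keycommand_${LOGNAME}"

# Write the helper as root. The destination is handed to the privileged
# shell as a positional argument instead of being spliced into the command
# string, so characters in LOGNAME cannot alter the command run under $SUDO.
# The here-document is unquoted: ${LOGNAME} and $OBJ are expanded now and
# baked into the helper, while \$1 is left for the helper to evaluate.
cat << _EOF | $SUDO sh -c 'cat > "$1"' sh "$KEY_COMMAND"
#!/bin/sh
test "x\$1" != "x${LOGNAME}" && exit 1
exec cat "$OBJ/authorized_keys_${LOGNAME}"
_EOF
$SUDO chmod 0755 "$KEY_COMMAND"

# Rebuild sshd_proxy: drop every AuthorizedKeysFile line, disable key files
# and point sshd at the helper, run as the invoking user.
# NOTE(review): sshd_proxy is not restored from the .bak copy in this
# script -- confirm the harness regenerates it for later tests.
cp "$OBJ/sshd_proxy" "$OBJ/sshd_proxy.bak"
(
	grep -vi AuthorizedKeysFile "$OBJ/sshd_proxy.bak"
	echo "AuthorizedKeysFile none"
	echo "AuthorizedKeysCommand $KEY_COMMAND"
	echo "AuthorizedKeysCommandUser ${LOGNAME}"
) > "$OBJ/sshd_proxy"

# Only attempt the login when the helper can actually be executed; a
# failed write or a noexec mount ends up in the SKIPPED branch.
if [ -x "$KEY_COMMAND" ]; then
	${SSH} -F "$OBJ/ssh_proxy" somehost true || fail "connect failed"
else
	echo "SKIPPED: $KEY_COMMAND not executable (/var/run mounted noexec?)"
fi

$SUDO rm -f "$KEY_COMMAND"
#Apple:
if [ "$KEY_DIR_CREATED" = yes ]; then
	$SUDO rm -rf "$KEY_DIR"
fi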