jbeverly / pam_ssh_agent_auth

Moving pam_ssh_agent_auth to github as primary development location

test pubkeys from SSH_AUTH_INFO_0 against authorized_keys. #15

Closed lizthegrey closed 5 years ago

lizthegrey commented 5 years ago

If SSH_AUTH_INFO_0 is present in the PAM environment (which openssh-7.6 and newer will do for session and account, and patched openssh will also do for auth), then check the already-validated public key(s) from the publickey method against our list of keys authorized for this PAM module.

Addresses #14.
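As an added illustration of the check this PR describes (a standalone Python sketch, not the module's C code): it reads the SSH_AUTH_INFO_0 text sshd records (one `<method> [<keytype> <base64>]` line per authentication method), decodes the key on each publickey line, and looks it up in an authorized_keys text whose lines may carry options and comments. The `service == "sshd"` gate is an assumed stand-in for the sshd-service check discussed in review, and all key material and file contents are constructed samples.

```python
import base64
import shlex

def _key_blob(keytype, b64):
    """Decode a '<keytype> <base64>' token pair; None if the pair is not a key."""
    if not keytype.startswith(("ssh-", "ecdsa-sha2-", "sk-")):
        return None
    try:
        return base64.b64decode(b64, validate=True)
    except ValueError:
        return None

def authorized_keys_set(text):
    """(keytype, blob) pairs from authorized_keys text, ignoring options and comments."""
    allowed = set()
    for line in text.splitlines():
        try:
            tokens = shlex.split(line)  # keeps command="a b" as one option token
        except ValueError:              # unbalanced quote, e.g. apostrophe in a comment
            tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        for i in range(len(tokens) - 1):  # first pair that decodes is the key itself
            blob = _key_blob(tokens[i], tokens[i + 1])
            if blob is not None:
                allowed.add((tokens[i], blob))
                break
    return allowed

def session_key_allowed(pam_env, service, authorized_keys):
    """Trust SSH_AUTH_INFO_0 (one '<method> [<keytype> <base64>]' line per method)
    only under the sshd PAM service (assumed check); accept if a publickey line matches."""
    info = pam_env.get("SSH_AUTH_INFO_0")
    if service != "sshd" or not info:
        return False
    allowed = authorized_keys_set(authorized_keys)
    for parts in (line.split() for line in info.splitlines()):
        if len(parts) >= 3 and parts[0] == "publickey":
            if (parts[1], _key_blob(parts[1], parts[2])) in allowed:
                return True
    return False

def _wire_pubkey(keytype, raw):  # constructed SSH wire-format public key blob, not a real key
    blob = b"".join(len(s).to_bytes(4, "big") + s for s in (keytype.encode(), raw))
    return base64.b64encode(blob).decode()

KEY_A = _wire_pubkey("ssh-ed25519", bytes(range(32)))      # constructed
KEY_B = _wire_pubkey("ssh-ed25519", bytes(range(32, 64)))  # constructed
AUTHORIZED_KEYS = f'# constructed sample\ncommand="sudo -l",no-pty ssh-ed25519 {KEY_A} liz@example\n'
PAM_ENV_A = {"SSH_AUTH_INFO_0": f"publickey ssh-ed25519 {KEY_A}\n"}
PAM_ENV_B = {"SSH_AUTH_INFO_0": f"publickey ssh-ed25519 {KEY_B}\npassword\n"}
```

A key that sshd did not verify (PAM_ENV_B), a missing variable, or a non-sshd service all yield False; only a publickey line whose decoded blob is in authorized_keys passes.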

lizthegrey commented 5 years ago

Thanks to @elly for her comments on this and help debugging. C is hard.

lizthegrey commented 5 years ago

Honeycomb.io has deployed these changes in production and has confirmed they work.

lizthegrey commented 5 years ago

Ping - any luck looking at this @jbeverly?

jbeverly commented 5 years ago

Hoping to get to it this weekend after badmath day.

lizthegrey commented 5 years ago

Excellent, thanks!

jbeverly commented 5 years ago

My weekend went sideways. Hopefully this week or weekend. Sorry!

lizthegrey commented 5 years ago

No worries, volunteer time is always a scarce thing to find :)

lizthegrey commented 5 years ago

> First off, sorry for taking so long to get this reviewed. The good news is, it looks pretty good overall.

As with all spare time projects, it takes multiple weeks between passes on either of our parts ;) sorry for the delay here in turn!

> I do have some requested changes, nothing too major. One semi-paranoid ask, and then some less paranoid, more practical suggestions.

Addressed.

> However, those aside the biggest thing I'd like added is updates to the docs explaining the new capability, how to use it, and with the extra check for being in an sshd service, how to configure it.

Adding. Will re-request review from you when done.

> Also, feel free to add yourself to the CONTRIBUTORS file if you wish.

Done.

lizthegrey commented 5 years ago

Gentle ping :)

lizthegrey commented 5 years ago

:tada: