
Re: Custom SSH Authentication

On Sep 7, 2012, at 3:04 PM, Alex Robbins wrote:

> I am looking to set up a custom SSH authentication system.  I have several
> RSA key pairs for my user, and I want to restrict ssh access based on which
> key pair is being used (not based on user name).  On top of that, I want
> to restrict keys based on time of day.  In short, a certain key can only be
> used at certain times, while another key works around the clock.
> I am also hoping to take it a step further and say that the restricted key
> (the one that only works at certain times) also requires that a pass phrase
> be provided that changes based on an arbitrary algorithm, perhaps involving
> the time of day or date.
> The concept is simple, so I was hoping that I could just write a bash script,
> but I don't know that there is any way to involve a bash script in the sshd
> authentication process.  Another thought was to write a PAM module.  I don't
> know how difficult that would be, and I have written C# under Windows, but
> I have not written C or C++.  Or, maybe I missed something, and I actually
> don't have to write anything other than a configuration file?
> So, my question is, does anyone have any thoughts on how I should go about
> making this happen?

How about a cron job that moves keys in and out of the users' .ssh directories? 
It might be sloppy in Bash, but Perl'd do it nicely. That would deal with the 
times keys are 'valid', but not the pass phrases...

Glenn English
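
The cron approach suggested in the reply above, sketched in POSIX shell as an added example that is not part of the original message. The file names `always.pub` and `restricted.pub`, the hour-window arguments and the script name used below are assumptions; the key lines in any test data are constructed.

```shell
#!/bin/sh
# Rebuild authorized_keys so one set of keys only works inside a time window.
# Assumed (hypothetical) layout inside the .ssh directory:
#   always.pub      public keys valid around the clock
#   restricted.pub  public keys valid only from START to END (hours, 0-23)

# in_window HOUR START END: succeeds if START <= HOUR < END.
# A window with START > END wraps past midnight (e.g. 22 to 6).
in_window() {
    h=${1#0}; h=${h:-0}        # strip the leading zero of `date +%H` output
    if [ "$2" -le "$3" ]; then
        [ "$h" -ge "$2" ] && [ "$h" -lt "$3" ]
    else
        [ "$h" -ge "$2" ] || [ "$h" -lt "$3" ]
    fi
}

# build_authorized_keys DIR HOUR START END
build_authorized_keys() {
    dir=$1 hour=$2 start=$3 end=$4
    # Write to a temp file in the same directory, then rename: the rename is
    # atomic, so sshd never reads a half-written authorized_keys.
    tmp=$(mktemp "$dir/authorized_keys.XXXXXX") || return 1
    chmod 600 "$tmp"
    cat "$dir/always.pub" > "$tmp" || { rm -f "$tmp"; return 1; }
    if in_window "$hour" "$start" "$end"; then
        cat "$dir/restricted.pub" >> "$tmp" || { rm -f "$tmp"; return 1; }
    fi
    mv -f "$tmp" "$dir/authorized_keys"
}

# Run only when called with all four arguments (as from cron).
if [ "$#" -eq 4 ]; then
    build_authorized_keys "$@"
fi
```

From cron it would be run every few minutes as `keywindow.sh "$HOME/.ssh" "$(date +%H)" 9 17`. sshd consults authorized_keys only when a login is attempted, so removing a key does not end sessions already opened with it, and the changing pass phrase from the question is not covered here.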
