1 files changed, 13 insertions, 0 deletions
diff --git a/OpenSSH_Anonymous_Access/anonymous-access.conf b/OpenSSH_Anonymous_Access/anonymous-access.conf
new file mode 100644
index 0000000..7329eb0
--- /dev/null
+++ b/OpenSSH_Anonymous_Access/anonymous-access.conf
@@ -0,0 +1,13 @@
+ExposeAuthInfo=yes
+AuthorizedKeysCommandUser=root
+AuthorizedKeysCommand=/bin/sh -c '[ -x "$0" ] && echo "restrict,pty,command=\\"$0 $*\\" %t %k"' "%h/.ssh/AnonymousAccessCommand" "%f"
+# This will break if a user's $HOME contains a double quote. Sorry not sorry.
+# This simpler version works:
+# AuthorizedKeysCommand=/bin/echo 'restrict,pty,command="%h/.ssh/AnonymousAccessCommand" %t %k'
+#
+# But that interferes with login failures on accounts that don't have that file.
+#
+# So a shell script is used that checks to make sure the file exists for the
+# user before generating any auth line.

diff --git a/OpenSSH_Anonymous_Access/anonymous-access.conf b/OpenSSH_Anonymous_Access/anonymous-access.conf new file mode 100644 index 0000000..7329eb0 --- /dev/null +++ b/OpenSSH_Anonymous_Access/anonymous-access.conf
@@ -0,0 +1,13 @@
	1	ExposeAuthInfo=yes
	2	AuthorizedKeysCommandUser=root
	3	AuthorizedKeysCommand=/bin/sh -c '[ -x "$0" ] && echo "restrict,pty,command=\\"$0 $*\\" %t %k"' "%h/.ssh/AnonymousAccessCommand" "%f"
	4	# This will break if a user's $HOME contains a double quote. Sorry not sorry.
	5
	6	# This simpler version works:
	7	# AuthorizedKeysCommand=/bin/echo 'restrict,pty,command="%h/.ssh/AnonymousAccessCommand" %t %k'
	8	#
	9	# But that interferes with login failures on accounts that don't have that file.
	10	#
	11	# So a shell script is used that checks to make sure the file exists for the
	12	# user before generating any auth line.
	13