ExposeAuthInfo=yes
AuthorizedKeysCommandUser=root
AuthorizedKeysCommand=/bin/sh -c '[ -x "$0" ] && echo "restrict,pty,command=\\"$0 $*\\" %t %k"' "%h/.ssh/AnonymousAccessCommand" "%f"
# This will break if a user's $HOME contains a double quote. Sorry not sorry.

# This simpler version works:
# AuthorizedKeysCommand=/bin/echo 'restrict,pty,command="%h/.ssh/AnonymousAccessCommand" %t %k'
#
# But that interferes with login failures on accounts that don't have that file.
#
# So a shell script is used that checks to make sure the file exists for the
# user before generating any auth line.