[Feature] Add AuthorizedKeysCommand to OpenSSH

Bug #911747 reported by Wido den Hollander
This bug affects 14 people
Affects: openssh (Ubuntu)
Status: Fix Released
Importance: Wishlist
Assigned to: Unassigned
Milestone:

Bug Description

RedHat recently applied a patch to their OpenSSH server supporting a new configuration directive: AuthorizedKeysCommand

For example:

/etc/ssh/sshd_config:
    AuthorizedKeysCommand "/usr/libexec/openssh/ssh-pubkey-helper -s %u"

In 'ssh-pubkey-helper' you can write custom code for looking up public keys.

This is useful in large server environments when you don't want to overwrite the authorized_keys file on every server.

We are running a couple of hundred Ubuntu servers and would like to see this patch in OpenSSH. It would give us (and other users) the benefit of having one central place where we maintain our authorization and accounting.

The benefit for a lot of Ubuntu users will be great I think.

Wido den Hollander (wido) wrote :
René Diepstraten (rene-renediepstraten) wrote :

A quote from the man page from RHEL6 ( or CentOS 6 ):

    AuthorizedKeysCommand
             Specifies a program to be used for lookup of the user’s public keys. The
             program will be invoked with its first argument the name of the user being
             authorized, and should produce on standard output AuthorizedKeys lines (see
             AUTHORIZED_KEYS in sshd(8)). By default (or when set to the empty string)
             there is no AuthorizedKeysCommand run. If the AuthorizedKeysCommand does
             not successfully authorize the user, authorization falls through to the
             AuthorizedKeysFile. Note that this option has an effect only with
             PubkeyAuthentication turned on.

    AuthorizedKeysCommandRunAs
             Specifies the user under whose account the AuthorizedKeysCommand is run.
             Empty string (the default value) means the user being authorized is used.
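Worked example, added here and not part of the bug report or of the Red Hat/upstream patch: a minimal AuthorizedKeysCommand helper in POSIX sh that implements the contract quoted in the man page excerpt above and sketched in the bug description (username as first argument, authorized_keys lines on stdout, non-zero exit when nothing is found so that sshd falls through to AuthorizedKeysFile). The key store is a directory of per-user files standing in for the central LDAP lookup the reporter wants; the paths /var/lib/ssh-keys and /usr/local/sbin/ssh-key-lookup and the sample key material are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example (not from the bug report): minimal AuthorizedKeysCommand helper.
# sshd invokes it as   /usr/local/sbin/ssh-key-lookup <username>
# and parses whatever it prints on stdout as authorized_keys lines.
#
# Assumed sshd_config lines (hypothetical paths):
#   AuthorizedKeysCommand /usr/local/sbin/ssh-key-lookup
#   AuthorizedKeysCommandRunAs nobody
#
# The central key store is stood in for by a directory of per-user files
# ($KEY_STORE/<user>.keys); an LDAP query would replace the file read.
KEY_STORE="${KEY_STORE:-/var/lib/ssh-keys}"

# lookup_keys USER: print the user's authorized key lines.
# Exit status 1 when the name is rejected or no key is found, so that
# sshd falls through to AuthorizedKeysFile instead of treating the
# empty output as an error in the helper itself.
lookup_keys() {
    user="$1"
    # Accept only a conservative username charset and refuse dot-prefixed
    # names; this keeps "../" or shell metacharacters out of the path.
    case "$user" in
        ''|*[!A-Za-z0-9._-]*|.*) return 1 ;;
    esac
    f="$KEY_STORE/$user.keys"
    [ -f "$f" ] || return 1
    # Emit only lines shaped like bare OpenSSH public keys (type, base64 blob,
    # optional comment). Comments, blank lines and corrupt entries are dropped
    # so the store cannot feed arbitrary text to sshd's parser. Lines carrying
    # an options prefix (command="...", from="...") are not passed through.
    grep -E '^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( .*)?$' "$f"
}

# When executed by sshd (one argument), run the lookup and propagate its status.
if [ $# -ge 1 ]; then
    lookup_keys "$1"
    exit $?
fi
```

The helper file should be owned by root and not writable by group or others, and it should run under an unprivileged account (AuthorizedKeysCommandRunAs in the Red Hat patch; upstream OpenSSH 6.2 named the option AuthorizedKeysCommandUser and requires it to be set alongside AuthorizedKeysCommand). The username check and the output filter matter because sshd treats everything the command prints as trusted authorized_keys content, so a writable key store or an unvalidated argument would be a path to unintended access.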

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in openssh (Ubuntu):
status: New → Confirmed
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "The RedHat patch for OpenSSH" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-reviewers team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch
Colin Watson (cjwatson) wrote :

Red Hat may have different experiences, but I have been burned too many times by adding patches to Debian/Ubuntu OpenSSH which add configuration options, and then finding that upstream later adds them with different names and now I have to retain compatibility forever. As a result, I no longer apply patches that add configuration options. Please lobby upstream if you want this patch to be included.

Changed in openssh (Ubuntu):
importance: Undecided → Wishlist
status: Confirmed → Triaged
M Williams (mgw) wrote :

I realize this isn't going to happen in Ubuntu, but for those looking to patch openssh themselves, here's a more up-to-date patch for use with 5.9p1.

mrw (marc-waeckerlin) wrote :

«Lobby upstream» means here: https://bugzilla.mindrot.org/show_bug.cgi?id=1663

Unfortunately there also seems to be no one responsible for it, and it has been hanging around for years, same as here. :-(

I need to get the authorized keys from LDAP, so I need either the LPK-patch or this AuthorizedKeysCommand-patch.

See also my repository for patched builds: http://marc.wäckerlin.ch/computer/blog/ssh_and_ldap

LPK patch is also orphaned here: http://code.google.com/p/openssh-lpk

So everything is working, but it has been hanging around for years in the maintainers' bug tracker ... really an awful situation! Praise RedHat for at least doing something!

Alex Kurilo (kamazee) wrote :

Looks like upstream accepted the patch.
https://bugzilla.mindrot.org/show_bug.cgi?id=1663#c32
Hooray!

Andres Mujica (andres.mujica) wrote :

So it would be available in Saucy proposed

https://launchpad.net/ubuntu/+source/openssh/1:6.2p1-1

....

Timo Aaltonen (tjaalton) wrote :

closing as fixed then

Changed in openssh (Ubuntu):
status: Triaged → Fix Released