Very interesting read.<p>GitHub explained in "How We Made GitHub Fast" (2009) [1] they patched their ssh daemon, so that it would do some lookups in a MySQL DB.<p>I wonder if daemons like OpenSSH now have some kind of plugin mechanism that lets one use their own lookup strategy.<p>[1]: https://github.com/blog/530-how-we-made-github-fast
Question by someone who has no real knowledge about the ssh protocol - is using something like this secure? And if not, what can be done to make their implementation secure?<p>Separately, I don't know what other - if any - features a db-backed ssh server needs to provide. Is this all that is necessary?
Nice!<p><i>That’s two problems in one : we had to find a synchronization mechanism, and, sensitive data are spread out on several machines</i><p>I was confused by the implication that public keys are sensitive data. I guess the list of usernames and commands could be?
Worth noting that newer OpenSSH supports AuthorizedKeysCommand, which will call out to an external tool for key data.<p>Obviously this doesn't solve all problems, but it does provide a middle ground between flat keyfiles and rolling your own daemon.
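An added example, not part of any comment above and not code from the linked article: a helper that sshd could run through AuthorizedKeysCommand to serve keys from a database. The script path, table layout and sample rows are assumptions made for illustration; the sample keys are constructed strings, not real key material.

```python
#!/usr/bin/env python3
# Hypothetical AuthorizedKeysCommand helper: prints authorized_keys lines for one user.
# Assumed sshd_config wiring (the script path is an assumption):
#   AuthorizedKeysCommand /usr/local/bin/db-authorized-keys %u
#   AuthorizedKeysCommandUser nobody
# sshd requires the command to be an absolute path, owned by root and not
# writable by group or others.
import re
import sqlite3
import sys

USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
# One key type and one base64 blob, nothing else: no options, comments or newlines.
KEY_RE = re.compile(r"(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}")

def open_sample_db():
    """Constructed in-memory data; a real deployment would open its own DB read-only."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ssh_keys (username TEXT, pubkey TEXT, revoked INTEGER)")
    db.executemany("INSERT INTO ssh_keys VALUES (?, ?, ?)", [
        ("alice", "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyAlice", 0),
        ("alice", "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedRevokedKey", 1),
        # Malformed row: an embedded newline would become a second output line.
        ("bob", "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBob\nssh-ed25519 AAAAExtra", 0),
    ])
    return db

def authorized_keys_for(db, username):
    """Return the authorized_keys lines to print for username (possibly none)."""
    if not USERNAME_RE.fullmatch(username):
        return []
    rows = db.execute(
        "SELECT pubkey FROM ssh_keys WHERE username = ? AND revoked = 0",
        (username,),  # bound parameter, never string formatting
    )
    lines = []
    for (pubkey,) in rows:
        # Only print rows that are exactly "type base64"; whatever a row holds,
        # it cannot add its own options or extra lines to the output.
        if KEY_RE.fullmatch(pubkey):
            lines.append("restrict " + pubkey)  # 'restrict' disables forwarding, PTY, etc.
    return lines

if __name__ == "__main__":
    user = sys.argv[1] if len(sys.argv) > 1 else ""
    for line in authorized_keys_for(open_sample_db(), user):
        print(line)
```

If none of the printed keys authenticates the user, sshd continues with the files named by AuthorizedKeysFile; setting `AuthorizedKeysFile none` makes the database the only key source.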