

Surviving the SSHpocolypse - Kenan
https://github.com/blog/1212-surviving-the-sshpocolypse

======
akira2501
Maybe I'm missing something, but why would you patch SSH instead of just using
something like pam_mysql and nscd?

~~~
kijin
Previous, but still inconclusive, discussion about the same matter:

<https://news.ycombinator.com/item?id=895072>

------
viraptor
It's not clear from the post if they're still using a custom patch. It looks
like the fairly new option AuthorizedKeysCommand could save them some work,
since you can plug in an arbitrary external script that way.

