ssh and sudoers updates for AD.

.gitattributesdb

@@ -647,36 +647,36 @@ b3B0L3NiaW4vcHVzaG92ZXItY2xpZW50 1776109038.971357814 1776109038.971357814 root:
 b3B0 1776109409.270887344 1771501851.000000000 root:root 0755 - -
 c2Jpbg== 1773131431.000000000 1773131431.000000000 root:root 0777 - -
 b3B0L3NiaW4vdGVycmFmb3JtLWh0dHAtYmFja2VuZA== 1776109058.715119389 1776109058.715119389 root:root 0777 - -
-cm9vdA== 1776349160.392100887 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1776349264.118852336 1771512801.616005200 root:root 0755 - -
 cm9vdC8uYmFzaF9sb2dvdXQ= 1757582867.000000000 1757582867.000000000 root:root 0644 - -
-cm9vdA== 1776349160.392100887 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1776349264.118852336 1771512801.616005200 root:root 0755 - -
 cm9vdC8uYmFzaF9wcm9maWxl 1757584711.000000000 1757584711.000000000 root:root 0644 - -
-cm9vdA== 1776349160.392100887 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1776349264.118852336 1771512801.616005200 root:root 0755 - -
 cm9vdC8uYmFzaHJj 1775582233.723180133 1757586493.000000000 root:root 0644 - -
-cm9vdA== 1776349160.392100887 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1776349264.118852336 1771512801.616005200 root:root 0755 - -
 cm9vdC8uZ2l0Y29uZmln 1757582738.000000000 1757582738.000000000 root:root 0644 - -
-cm9vdA== 1776349160.392100887 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1776349264.118852336 1771512801.616005200 root:root 0755 - -
 cm9vdC8uZ2l0aWdub3Jl 1774104492.728356672 1757600312.000000000 root:root 0644 - -
-cm9vdA== 1776349160.392100887 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1776349264.118852336 1771512801.616005200 root:root 0755 - -
 LmxvY2Fs  - -
 c2hhcmU=  - -
 bmFubw==  - -
 cm9vdC8ubG9jYWwvc2hhcmUvbmFuby8uZ2l0aWdub3Jl 1757586210.000000000 1757586210.000000000 root:root 0644 - -
-cm9vdA== 1776349160.392100887 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1776349264.118852336 1771512801.616005200 root:root 0755 - -
 cm9vdC8ubmFub3Jj 1757585756.000000000 1757585756.000000000 root:root 0644 - -
-cm9vdA== 1776349160.392100887 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1776349264.118852336 1771512801.616005200 root:root 0755 - -
 LnNzaA==  - -
 cm9vdC8uc3NoLy5naXRpZ25vcmU= 1757593349.000000000 1757593349.000000000 root:root 0644 - -
-cm9vdA== 1776349160.392100887 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1776349264.118852336 1771512801.616005200 root:root 0755 - -
 LnNzaA==  - -
 cm9vdC8uc3NoL2F1dGhvcml6ZWRfa2V5cw== 1757587611.000000000 1757587611.000000000 root:root 0644 - -
-cm9vdA== 1776349160.392100887 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1776349264.118852336 1771512801.616005200 root:root 0755 - -
 c3R1ZmYtdG8ta2VlcA==  - -
 cm9vdC9zdHVmZi10by1rZWVwL2NsZWFuLWZk 1758994151.000000000 1758992264.000000000 root:root 0755 - -
-cm9vdA== 1776349160.392100887 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1776349264.118852336 1771512801.616005200 root:root 0755 - -
 c3R1ZmYtdG8ta2VlcA==  - -
 cm9vdC9zdHVmZi10by1rZWVwL2R1bW15LWRlZmF1bHQtbXRh 1762020478.278412865 1762020215.034844513 root:root 0644 - -
-cm9vdA== 1776349160.392100887 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1776349264.118852336 1771512801.616005200 root:root 0755 - -
 c3R1ZmYtdG8ta2VlcA==  - -
 cm9vdC9zdHVmZi10by1rZWVwL2R1bW15LWRlZmF1bHQtbXRhXzAuMC4xX2FsbC5kZWI= 1762020499.466056182 1762020499.458056317 root:root 0644 - -
 dXNy 1774997839.417383939 1771501851.000000000 root:root 0755 - -

etc/ssh/sshd_config

@@ -9,3 +9,9 @@ PermitRootLogin			prohibit-password
 StreamLocalBindUnlink		yes
 Subsystem			sftp	internal-sftp
 X11Forwarding			no
+
+Match Group "System Admins"
+  AuthorizedKeysCommand		/usr/bin/sss_ssh_authorizedkeys
+  AuthorizedKeysCommandUser	root
+  AuthenticationMethods		"publickey"
+  # ,password"

etc/sudoers.d/root-access

@@ -5,4 +5,4 @@ tadgy ALL=(root) ALL
 sysadmin ALL=(root) NOPASSWD: ALL
 
 ## Allow the Active Directory domain administrators access to root without a password.
-%Domain\ Admins@slackware.uk.internal ALL=(root) NOPASSWD: ALL
+%Systems\ Admins@slackware.uk.internal ALL=(root) NOPASSWD: ALL