[Bug 1159] %u and %h not handled in IdentityFile
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Wed Feb 22 16:40:02 EST 2006
http://bugzilla.mindrot.org/show_bug.cgi?id=1159
Summary: %u and %h not handled in IdentityFile
Product: Portable OpenSSH
Version: 4.3p2
Platform: All
URL: http://www.math.ualberta.ca/imaging/snfs/openssh.html
OS/Version: Linux
Status: NEW
Keywords: patch
Severity: normal
Priority: P2
Component: ssh
AssignedTo: bitbucket at mindrot.org
ReportedBy: imaging at math.ualberta.ca
Here is a patch to allow private key files to be placed system wide (for all
users) in a secure (non-NFS) mounted location on systems where home directories
are NFS mounted. This addresses an important security hole on systems where
home directories are NFS mounted, particularly if there are users who use blank
passphrases (or when lpd is tunneled through ssh on systems running lpd as user
lp) instead of ssh-agent. IdentityFile now accepts the same %u, %h, %% options
that AuthorizedKeysFile accepts (see man sshd). For example, one can specify a
user-dependent IdentityFile in ssh_config:
IdentityFile /ssh/%u/id_rsa
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list