[Bug 2932] New: Support customised AuthorizedKeysFile on the remote host

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Tue Nov 20 06:37:31 AEDT 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=2932

            Bug ID: 2932
           Summary: Support customised AuthorizedKeysFile on the remote
                    host
           Product: Portable OpenSSH
           Version: 7.9p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh-copy-id
          Assignee: unassigned-bugs at mindrot.org
          Reporter: john at nextraweb.com

Created attachment 3207
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3207&action=edit
[PATCH] Support for sshd authorizedkeysfile variable

For servers that do not default to ~/.ssh/authorized_keys, adding keys
to their specific file requires further steps to fix on the host.

It’s possible once ssh’d into a box to run `sshd -T` to get the
variable for authorized_keys for this user, so this supplied patch does
that. Patch also does expansion for %%, %u, %h, and tries to default
back to ~/.ssh/authorized_keys if there is a failure.

My concern, though, is that even though the sshd_config manfile
suggests quotation support (Arguments may optionally be enclosed in
double quotes (") in order to represent arguments containing spaces.)
for these variables, the output of `sshd -T` is bare:

john@hydrogen ~ ❯ grep AuthorizedKeysFile /etc/ssh/sshd_config
AuthorizedKeysFile      "quoted file name" settings/config/ssh/authorized_keys
john@hydrogen ~ ❯ sshd -T 2> /dev/null | grep authorizedkeysfile
authorizedkeysfile quoted file name settings/config/ssh/authorized_keys
john@hydrogen ~ ❯ sshd -v
OpenSSH_7.6p1 Ubuntu-4ubuntu0.1, OpenSSL 1.0.2n  7 Dec 2017

Which suggests this patch is not good enough as it is to support these
configurations.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
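
Added example, not part of the original report or the attached patch: a POSIX sh sketch of the %%, %u and %h expansion described above, which falls back to ~/.ssh/authorized_keys whenever the `sshd -T` line holds more than one word, because the quoting that would separate a file name containing spaces from a list of files is gone. The function names, the user "alice", the /etc/ssh/keys path and the fallback policy are assumptions of this example.

```shell
#!/bin/sh
# Expand %%, %u and %h in one AuthorizedKeysFile pattern. A relative result
# is taken relative to the home directory, as sshd_config(5) describes.
expand_akf() {  # usage: expand_akf PATTERN USER HOME
    pat=$1 out=
    while [ -n "$pat" ]; do
        case $pat in
            %%*) out="$out%";  pat=${pat#??} ;;
            %u*) out="$out$2"; pat=${pat#??} ;;
            %h*) out="$out$3"; pat=${pat#??} ;;
            %*)  return 1 ;;   # token this sketch does not handle
            *)   rest=${pat#?}; first=${pat%"$rest"}   # copy one literal char
                 out="$out$first"; pat=$rest ;;
        esac
    done
    case $out in
        /*) printf '%s\n' "$out" ;;
        *)  printf '%s\n' "$3/$out" ;;
    esac
}

# Resolve one "authorizedkeysfile ..." line taken from `sshd -T` output.
# Status 0: a single path was expanded and printed.
# Status 2: several words (ambiguous without quotes), fallback printed.
# Status 1: line missing or token unsupported, fallback printed.
resolve_akf() {  # usage: resolve_akf LINE USER HOME
    line=$1 fallback="$3/.ssh/authorized_keys"
    value=${line#authorizedkeysfile }
    case $value in
        ''|"$line") printf '%s\n' "$fallback"; return 1 ;;
        *' '*)      printf '%s\n' "$fallback"; return 2 ;;
    esac
    expand_akf "$value" "$2" "$3" || { printf '%s\n' "$fallback"; return 1; }
}

# Constructed single-path line: prints /etc/ssh/keys/alice/authorized_keys
resolve_akf 'authorizedkeysfile /etc/ssh/keys/%u/authorized_keys' alice /home/alice
# The line from the report: ambiguous, so the fallback path is printed
resolve_akf 'authorizedkeysfile quoted file name settings/config/ssh/authorized_keys' \
    alice /home/alice || echo "ambiguous or unusable value, fallback used" >&2
```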

