authorized_keys2 directory idea

Markus Friedl markus.friedl at informatik.uni-erlangen.de
Sun Jun 3 19:46:04 EST 2001


On Sat, Jun 02, 2001 at 11:54:24AM +0300, Pekka Savola wrote:
> Root would not be the only one to profit from this; you would only need to
> copy the pubkey file in the right dir (with a descriptive name if you
> like!), and authorization would work without file editing.  Also, if you
> need to refresh just one key, you could just scp that one over, no need
> to edit the file either.

i don't understand why editing a file is hard.
i think keeping a file in sync is simpler than
syncing directories, especially deleting files.

> What do you think -- would this be useful?  Bloat?  Could it be considered
> to be merged if it was implemented?

i don't think it's useful. ssh.com switched to a-key-per-file,
but openssh and the traditional ssh use a-key-per-line
and i don't want to support 2 different ways of doing things.

> Btw, I noticed when comparing auth-rsa.c/auth2.c that auth2.c does not
> print debug message:
> --- openssh-cvs/auth2.c	Sat Jun  2 11:14:21 2001
> +++ openssh.fix/auth2.c Sat Jun  2 11:13:40 2001
> @@ -26,6 +28,8 @@
>  	if (!f) {
>  		/* Restore the privileged uid. */
>  		restore_uid();
> +		packet_send_debug("Could not open %.900s for reading.", file);
> +		packet_send_debug("If your home is on an NFS volume, it may need to be world-readable.");
>  		return 0;
>  	}
>  	if (options.strict_modes) {
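Review bot: the two packet_send_debug() calls added inside the `if (!f)` branch send the path in `file` and the NFS hint to the connecting client, and in auth2.c this branch is reached while the key file is being looked up, before the user has authenticated. That tells an unauthenticated peer where the account's key file lives and that it could not be opened. Consider recording the failure in the server's own log instead and keeping the plain `return 0;` with nothing sent to the client; if auth-rsa.c has the same calls, the two files should be brought in line the same way.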
> 
> was this left out by design, or a leftover in auth-rsa.c ?

they should be merged, and in the future, i don't
want to see debug messages before a user is authenticated.



More information about the openssh-unix-dev mailing list