authorized_keys2 directory idea

Markus Friedl markus.friedl at
Sun Jun 3 19:46:04 EST 2001

On Sat, Jun 02, 2001 at 11:54:24AM +0300, Pekka Savola wrote:
> Root would not be the only one to profit from this; you would only need to
> copy the pubkey file in the right dir (with a descriptive name if you
> like!), and authorization would work without file editing.  Also, if you
> need to refresh just one key, you could just scp that one over, no need
> to edit the file either.

i don't understand why editing a file is hard.
i think keeping a file in sync is simpler than
syncing directories, especially deleting files.

> What do you think -- would this be useful?  Bloat?  Could it be considered
> to be merged if it was implemented?

i don't think it's useful. switched to a-key-per-file, 
but openssh and the traditional ssh use a-key-per-line

and i don't want to support 2 different ways of doing things.

> Btw, I noticed when comparing auth-rsa.c/auth2.c that auth2.c does not
> print debug message:
> --- openssh-cvs/auth2.c	Sat Jun  2 11:14:21 2001
> +++ openssh.fix/auth2.c Sat Jun  2 11:13:40 2001
> @@ -26,6 +28,8 @@
>  	if (!f) {
>  		/* Restore the privileged uid. */
>  		restore_uid();
> +		packet_send_debug("Could not open %.900s for reading.", file);
> +		packet_send_debug("If your home is on an NFS volume, it may need to be world-readable.");
>  		return 0;
>  	}
>  	if (options.strict_modes) {
> was this left out by design, or a leftover in auth-rsa.c ?

they should be merged, and in the future, i don't
want to see debug messages before a user is authenticated.

More information about the openssh-unix-dev mailing list