authorized_keys2 directory idea
Rob Hagopian
rob at hagopian.net
Mon Jun 4 07:08:15 EST 2001
My $0.02 is that I like it, and I find it easier to keep track of the keys
and where they came from by having a directory format... could we at least
put the patch in contrib?
-Rob
On Sun, 3 Jun 2001, Markus Friedl wrote:
> On Sat, Jun 02, 2001 at 11:54:24AM +0300, Pekka Savola wrote:
> > Root would not be the only one to profit from this; you would only need to
> > copy the pubkey file in the right dir (with a descriptive name if you
> > like!), and authorization would work without file editing. Also, if you
> > need to refresh just one key, you could just scp that one over, no need
> > to edit the file either.
>
> i don't understand why editing a file is hard.
> i think keeping a file in sync is simpler than
> syncing directories, especially deleting files.
>
> > What do you think -- would this be useful? Bloat? Could it be considered
> > to be merged if it was implemented?
>
> i don't think it's useful. ssh.com switched to a-key-per-file,
> but openssh and the traditional ssh use a-key-per-line
>
> and i don't want to support 2 different ways of doing things.
>
> > Btw, I noticed when comparing auth-rsa.c/auth2.c that auth2.c does not
> > print debug message:
> > --- openssh-cvs/auth2.c Sat Jun 2 11:14:21 2001
> > +++ openssh.fix/auth2.c Sat Jun 2 11:13:40 2001
> > @@ -26,6 +28,8 @@
> > if (!f) {
> > /* Restore the privileged uid. */
> > restore_uid();
> > + packet_send_debug("Could not open %.900s for reading.", file);
> > + packet_send_debug("If your home is on an NFS volume, it may need to be world-readable.");
> > return 0;
> > }
> > if (options.strict_modes) {
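Review bot: in the `if (!f)` branch, the two added packet_send_debug() calls send the key file's path, and the fact that it could not be opened, to a client that has not yet authenticated. I would keep that detail in the server-side log and return 0 without messaging the peer. The second string also nudges users toward a world-readable home directory, which is better left to documentation than to a pre-authentication message.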
> >
> > was this left out by design, or a leftover in auth-rsa.c ?
>
> they should be merged, and in the future, i don't
> want to see debug messages before a user is authenticated.
>
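The key-per-file workflow Pekka Savola describes can be had without changing sshd by regenerating the single one-key-per-line file from a directory, which also covers the deletion case Markus Friedl raises. This is an added example, not code from the thread or from OpenSSH; the `keys.d` directory layout and the `build_authorized_keys` function name are assumptions.

```shell
#!/bin/sh
# Added example: rebuild a one-key-per-line authorized_keys file from a
# directory that holds one public key per file (*.pub).
# The directory layout and function name are assumptions, not OpenSSH features.

build_authorized_keys() {
    dir=$1 out=$2
    # Temp file lives next to the target so the final rename stays on one
    # filesystem; mktemp creates it with mode 0600.
    tmp=$(mktemp "$out.XXXXXX") || return 1
    chmod 600 "$tmp"
    for f in "$dir"/*.pub; do
        # Accept only regular files (symlinks are skipped) that are neither
        # group- nor world-writable, in the spirit of sshd's strict modes.
        [ -n "$(find "$f" -prune -type f ! -perm -020 ! -perm -002 -print 2>/dev/null)" ] || continue
        printf '# from %s\n' "${f##*/}" >> "$tmp"
        # Copy key lines only: drop blank lines and comments, and make sure
        # every key ends in a newline even if the source file lacks one.
        awk 'NF && $1 !~ /^#/' "$f" >> "$tmp"
    done
    # The rename is atomic, so sshd never reads a half-written file, and a
    # key file removed from the directory is simply absent from the rebuild.
    mv -f "$tmp" "$out"
}
```

Run `build_authorized_keys ~/.ssh/keys.d ~/.ssh/authorized_keys` after adding or removing a key file; the output is rebuilt from scratch each time, so nothing has to be edited by hand.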