authorized_keys2 directory idea

Rob Hagopian rob at
Tue Jun 5 00:41:44 EST 2001

On Mon, 4 Jun 2001, Markus Friedl wrote:

> On Mon, Jun 04, 2001 at 12:34:18AM -0400, Rob Hagopian wrote:
> > But v2 was around before OpenSSH... they fixed a lot of things
> > from v1 to v2, I liked that one and was disappointed to see openssh revert
> > back...
> i did not revert from their version.
> openssh is based on 1.2.12 and we improved 1.2.12.
> i never touched's v2, because it's not free software.
> many people refused to switch to's v2, not only because of
> the restrictive licence, but because all the configuration changed.
> remember, most of the ssh users are still v1 users.
> i'm not going to do this. and i won't support 10 different
> ways of specifying keys. this is openssh and not perl.
> moreover, i don't see much benefit for directories over files.

Indeed, you never did touch the code base, but you still had to add a
number of features/changes to the code to support v2. Even if you did an
entirely clean room implementation (something I happen to think is a good
idea) I'd still maintain that the ssh v2 ability to store keys as files
came (long) before openssh v2 support.

Why even cater to those people? Even the FreeBSD security notices
specificly mention that ssh v1 has inherent security problems. I don't
even see why it's turned on by default for a distribution that
superficially appears so security concious.

> > My suggestion was only to put it into /contrib... is that OK then?
> depends on the size of the patch. but if we have it in contrib,
> then ppl will start to expect this from core-openssh.

I won't claim that that's completely untrue, I notice a lot of emails from
people who want stuff from the portable code base to migrate back into
core. But I don't think it's fair, or even wise, to reject what three
users want (with the only objections coming from committers who don't want
it in the core code base) to leave it out of contrib...

And a number of files in contrib are actually required to build all the
packages for at least redhat. Since portable openssh distributes binaries
of these packages aren't those basicly required to work?

Finally, if you don't want it in the code dists, what about a webpage with
contrib patches? That would even give you an indication of popularity of
these patches. Shutting out contributed code like this can only hurt the
project in the long run...

More information about the openssh-unix-dev mailing list