authorized_keys2 directory idea
Markus Friedl
markus.friedl at informatik.uni-erlangen.de
Tue Jun 5 01:57:50 EST 2001
On Mon, Jun 04, 2001 at 12:52:50AM +0300, Pekka Savola wrote:
> Yes, keeping a file 100% in sync is way easier. But in real situations,
> you're often faced by the fact that e.g. 60-90% of the keys are the same,
> and the rest vary. Then syncing is a bit more difficult. Editing is also
> a bigger (ie: interactive) process when it has to be done on many hosts.
>
> A problem is backup files if you edit keys with an editor, ie. ones ending
> in e.g. ~ or # (depending on the editor). Then if you just delete the
> base key, the results might be unexpected. To counter this, filenames
> would be scanned and only those that contain only legal characters would
> pass.
yes, you name one of the problems that appear with one-key-per-file.
it's also simpler to monitor a single file for changes.
it's easier to introduce races if you use multiple files.
but the main reason is:
there won't be 2 different ways for doing the same thing and
we won't drop the old scheme
so we will not use a-key-per-file
> > > What do you think -- would this be useful? Bloat? Could it be considered
> > > to be merged if it was implemented?
> >
> > i don't think it's useful. ssh.com switched to a-key-per-file,
> > but openssh and the traditional ssh use a-key-per-line
>
> I wasn't aware ssh.com is doing something like this too. So it might be
> something to be done sooner or later, though.
no, i don't think that we should try to clone their implementation.
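
The trade-off discussed in this thread, as an added example that is not part of the original message or of OpenSSH: a hypothetical helper that keeps one key per file in a directory for editing but generates the single a-key-per-line file, skipping editor backups by filename and replacing the target atomically. The function names, the legal-character rule and the directory layout are assumptions.

```python
import os
import re
import tempfile

# Assumption: a "legal" key filename starts with a letter or digit and then
# uses only letters, digits, '.', '_' and '-'. Editor backups such as
# "alice.pub~" or "#alice.pub#" fail this rule and are never read.
LEGAL_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")


def select_key_files(key_dir):
    """Return (accepted, skipped) filenames found in key_dir, each sorted."""
    accepted, skipped = [], []
    for name in sorted(os.listdir(key_dir)):
        path = os.path.join(key_dir, name)
        # Regular files only; symlinks are skipped as well.
        if (LEGAL_NAME.fullmatch(name) and os.path.isfile(path)
                and not os.path.islink(path)):
            accepted.append(name)
        else:
            skipped.append(name)
    return accepted, skipped


def build_authorized_keys(key_dir, target):
    """Concatenate accepted key files into target using one atomic rename."""
    accepted, skipped = select_key_files(key_dir)
    lines = []
    for name in accepted:
        with open(os.path.join(key_dir, name), encoding="utf-8") as fh:
            for line in fh:
                line = line.strip()
                if line and not line.startswith("#"):
                    lines.append(line)
    # Write a temp file in the target's directory, then rename it over the
    # target, so a reader never sees a half-written key list.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(target)))
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as out:
            out.write("".join(entry + "\n" for entry in lines))
        os.chmod(tmp, 0o600)
        os.replace(tmp, target)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return accepted, skipped
```

The returned `skipped` list is worth logging: a leftover backup of a deleted key shows up there instead of silently granting access.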
More information about the openssh-unix-dev mailing list