authorized_keys2 directory idea

Pekka Savola pekkas at
Tue Jun 5 06:10:01 EST 2001

On Mon, 4 Jun 2001, Markus Friedl wrote:
> right now openssh is already a little bit too fat,
> since i did accept to many patches in the past :)
> so, perhaps, we should only add patches if the remove lines from
> openssh and make everything _simpler_.
> remember, this is a security program:
> 	"complexity is the enemy"

Too much simplicity will also hinder usability, unfortunately.  Some like
programs simpler than others; many think OpenBSD takes KISS paradigm
sometimes too far -- others like it that way.  The extent of features
optimally included depends on the application.  I consider ssh one of
those that needs more than the average.  Just my humble IMO of course.

It would be nice if it was possible to get the main ssh/sshd thinner, and
put more functionality in completely non-privileged "modules".  That way
security-critical code hopefully could be minimized and cleaned, while
keeping the usability and most features in.

Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords

More information about the openssh-unix-dev mailing list