authorized_keys2 directory idea

Damien Miller djm at mindrot.org
Tue Jun 5 13:34:21 EST 2001


On Mon, 4 Jun 2001, Rob Hagopian wrote:

> I'm surprised you're advocating the use of sed on authorized_keys files!
>
> It's pretty sick, but: cat keys/* | sort | uniq | sed | split -l 1
> But of course you lose filenames... you might be able to pull them out of
> the comment field... but the point isn't to make it more difficult...

Not much, it probably took you all of 10 seconds to write the previous
paragraph. It would take even less if you make it a script.

> How do you see the time a key was added to your single file? Can you track
> individual key changes through utils like tripwire? How about making some
> keys immutable but allowing others to be updated? Can I make a symlink to
> a common public key that root updates?

If you have special needs, patch your own source. Most of what you ask for
could be accomplished by teaching key_read() to ignore everything after
the '#' character (It may already) - you could dump whatever other
information you require in there.

-d

-- 
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org          /   distributed filesystem'' - Dan Geer




More information about the openssh-unix-dev mailing list