authorized_keys2 directory idea

Pekka Savola pekkas at netcore.fi
Tue Jun 5 18:53:39 EST 2001


On Tue, 5 Jun 2001, Damien Miller wrote:
> If you _really_ want key-per-file, why not write a small tool that
> can generate authorized_key{,2} from a key-per-file directory?

This is a very good idea, and IMO solves most of the problems brought up
here.  It's still a bit cumbersome to do that daily for 1000 users but
that's kind of a corner-case and can, to some extent, be worked around
(e.g. do it in shell initscripts, not cron).

Personally, I write code for the community as much as for myself, and if it
isn't going to be used widely, I'm not going to do it.  This kind of tool
enables the best of both worlds: if someone patches OpenSSH, no need
to run it; and it works with original OpenSSH too if someone wants the
functionality.  And the main code base can be kept smaller if that is the
desire.

An external non-privileged module run from cron if I may ;-)

I had hoped the thread started by me hadn't degenerated into this kind
of "deep discussion".  Oh well.

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords
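
The kind of external, non-privileged tool discussed in this message, as an added example that is not part of the original thread or of OpenSSH. The `*.pub` one-key-per-file layout, the function name and the bare-keys-only policy (no options prefix) are assumptions made for the sketch.

```shell
#!/bin/sh
# Added example: rebuild an authorized_keys file from a key-per-file directory.
# Assumed layout: <keydir>/*.pub, one public key line per file.

# Runs in a subshell "( ... )" so variables and exits stay local to the call.
build_authorized_keys() (
    keydir=$1
    out=$2
    [ -d "$keydir" ] || { echo "no such directory: $keydir" >&2; exit 1; }

    # Build in a temp file next to the target so the final rename is atomic:
    # sshd never sees a half-written file. mktemp creates it with mode 0600.
    tmp=$(mktemp "${out}.XXXXXX") || exit 1

    for f in "$keydir"/*.pub; do
        # Skip an unmatched glob, directories and symlinks, so an entry in
        # the key directory cannot pull in content from somewhere else.
        [ -f "$f" ] && [ ! -L "$f" ] || continue

        # Copy only lines of the form "<keytype> <base64> [comment]".
        # Comments, blank lines and lines carrying an options prefix are
        # dropped (assumed policy: the directory holds bare keys only).
        awk '
            $1 ~ "^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$" &&
            $2 ~ "^[A-Za-z0-9+/]+=*$" { print }
        ' "$f" >> "$tmp" || { rm -f "$tmp"; exit 1; }
    done

    # Replace the old file only after every input was read successfully.
    mv -f "$tmp" "$out"
)

# Stand-alone use: sh build_keys.sh <keydir> <authorized_keys path>
if [ "$#" -eq 2 ]; then
    build_authorized_keys "$1" "$2"
fi
```

Run as the account's own user from cron or an init script, it needs no extra privileges and works with an unpatched sshd.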




More information about the openssh-unix-dev mailing list