Verbose messaging about why public key auth was rejected

Damien Miller djm at mindrot.org
Sun Feb 4 09:22:49 EST 2007


On Tue, 30 Jan 2007, Ryan Findley wrote:

> My question: is there a way to have ssh and/or sshd tell you WHY a  
> public key is being rejected (specifically the permissions thing)?
> If so, can someone point me at a good document? I'm using OpenSSH  
> 3.9p1 under RHEL4 (at the moment) and can upgrade if it's in a newer  
> version.
> If not, would the OpenSSH team consider adding this feature? I'm  
> betting I could probably manage the changes necessary, and submit a  
> patch...

I don't think we want to tell the client exactly what is wrong
wrt authorized_keys permissions. How do you know the client is not
evil before you tell them that their authorized_keys is world-writable?

-d
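
An administrator can diagnose the permissions problem discussed above on the server, without anything being disclosed to the connecting client. The following is an added example, not part of the original message and not OpenSSH code: a Python approximation of a strict-modes style check, assuming the rule is that the key file and every directory up to the home directory must be owned by the user or root and must not be group- or world-writable. The names `check_key_path` and `demo` are hypothetical, and the directory tree is constructed for the demonstration.

```python
import os
import stat
import tempfile


def check_key_path(path, home, uid):
    """Return the problems a strict-modes style check would flag.

    Assumption (not OpenSSH source): the file and each directory from it
    up to `home` must be owned by `uid` or root (0) and must not be
    writable by group or others.
    """
    path, home = os.path.realpath(path), os.path.realpath(home)
    if os.path.commonpath([path, home]) != home:
        return [f"{path}: not under home directory {home}"]
    problems = []
    current = path
    while True:
        try:
            st = os.stat(current)
        except OSError as exc:
            problems.append(f"{current}: {exc.strerror}")
            break
        if st.st_uid not in (uid, 0):
            problems.append(f"{current}: owned by uid {st.st_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"{current}: group/world-writable (mode {mode:04o})")
        if current == home:
            break
        current = os.path.dirname(current)
    return problems


def demo():
    """Build a constructed home directory and check it before and after a fix."""
    with tempfile.TemporaryDirectory() as home:
        ssh_dir = os.path.join(home, ".ssh")
        keys = os.path.join(ssh_dir, "authorized_keys")
        os.mkdir(ssh_dir)
        open(keys, "w").close()
        os.chmod(home, 0o755)
        os.chmod(ssh_dir, 0o700)
        os.chmod(keys, 0o666)          # constructed fault: world-writable
        bad = check_key_path(keys, home, os.getuid())
        os.chmod(keys, 0o600)          # corrected permissions
        good = check_key_path(keys, home, os.getuid())
        return bad, good


if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result)
```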


More information about the openssh-unix-dev mailing list