backdoor by authorized_keys2 leftovers
Darren Tucker
dtucker at zip.com.au
Fri May 20 10:24:53 EST 2011
On 16/05/11 12:51 PM, Damien Miller wrote:
[...]
> The latter is more clear for Match, but long lines are more likely to wrap
> and are harder to read in sshd_config.
>
> That being said, there is plenty of room for the common cases that I can
> think of:
>
> AuthorizedKeysFile .ssh/authorized_keys
> AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
> AuthorizedKeysFile /etc/ssh/authorized_keys/keys_%u .ssh/authorized_keys
>
> So maybe all-keys-on-one-line is better.
FWIW I agree with all-one-line as it's consistent with other (long)
config directives like Ciphers. The only place that I can think of
where we use multiple lines is Subsystem, and that's key-value pairs
rather than a simple list.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list