backdoor by authorized_keys2 leftovers

Jim Knoble jmknoble at
Fri May 20 12:26:46 EST 2011

On May 19, 2011, at 17:24, Darren Tucker <dtucker at> wrote:

> On 16/05/11 12:51 PM, Damien Miller wrote:
> [...]
>> The latter is more clear for Match, but long lines are more likely to wrap
>> and are harder to read in sshd_config.
>> That being said, there is plenty of room for the common cases that I can
>> think of:
>> AuthorizedKeysFile .ssh/authorized_keys
>> AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
>> AuthorizedKeysFile /etc/ssh/authorized_keys/keys_%u .ssh/authorized_keys
>> So maybe all-keys-on-one-line is better.
> FWIW I agree with all-one-line as it's consistent with other (long)  
> config directives like Ciphers.  The only place that I can think of  
> where we use multiple lines is Subsystem, and that's key-value pairs  
> rather than a simple list.

While we're at it, Ciphers and MACs use commas for separators. Using  
spaces may prevent placing authorized_keys files in a directory whose  
name contains whitespace. 
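
An added example, not part of the original message or of OpenSSH's code: a small auditing helper that lists every file a one-line, space-separated AuthorizedKeysFile directive names for a user, so that leftovers such as authorized_keys2 get reviewed along with the main file. It assumes shell-like tokenization (Python's shlex, with double quotes protecting spaces) as a stand-in for sshd's own parser, reads only the first global directive, and uses a constructed directory name, user and home directory.

```python
import shlex

# Constructed sample lines: the three common cases quoted in the thread, plus
# a hypothetical directory whose name contains a space (unquoted and quoted).
SAMPLE = {
    "single": "AuthorizedKeysFile .ssh/authorized_keys",
    "legacy": "AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2",
    "central": "AuthorizedKeysFile /etc/ssh/authorized_keys/keys_%u .ssh/authorized_keys",
    "unquoted_space": "AuthorizedKeysFile /srv/ssh keys/%u",
    "quoted_space": 'AuthorizedKeysFile "/srv/ssh keys/%u"',
}

def expand(pattern, user, home):
    """Expand %u, %h and %%, then anchor relative paths at the home directory."""
    tokens = {"u": user, "h": home, "%": "%"}
    out, i = [], 0
    while i < len(pattern):
        if pattern[i] == "%" and i + 1 < len(pattern):
            nxt = pattern[i + 1]
            out.append(tokens.get(nxt, "%" + nxt))  # unknown tokens kept as-is
            i += 2
        else:
            out.append(pattern[i])
            i += 1
    path = "".join(out)
    return path if path.startswith("/") else home.rstrip("/") + "/" + path

def key_files(config_text, user, home):
    """Return the files named by the first global AuthorizedKeysFile line."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = shlex.split(line)  # assumption: approximates sshd tokenization
        keyword = words[0].lower()  # sshd_config keywords are case-insensitive
        if keyword == "match":      # stop before conditional blocks
            break
        if keyword == "authorizedkeysfile":
            return [expand(w, user, home) for w in words[1:]]
    return []

if __name__ == "__main__":
    for name, text in SAMPLE.items():
        paths = key_files(text, "alice", "/home/alice")
        legacy = [p for p in paths if p.endswith("authorized_keys2")]
        print(f"{name}: {paths} legacy={legacy}")
```

The unquoted entry with a space is read as two separate paths, one of them relative to the user's home directory, which is the ambiguity raised above.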

More information about the openssh-unix-dev mailing list